500-171 FPIMPADM Implementing and Administering the FlexPod Solution (FPIMPADM)

Prerequisites
There are no prerequisites for this course.

Course Content
This course is a three-day ILT training program that is designed for system and network engineers and administrators implementing and administering FlexPod solutions. This course covers key implementation procedures, management and basic troubleshooting tasks on the Cisco Nexus 5548UP, Cisco UCS and NetApp storage. Upon completing this course, the learner will be able to meet these overall objectives:
– Identify the architecture, features and components of FlexPod
– Describe implementation parameters for components including Cisco Nexus 5500 switches, Cisco UCS and NetApp clustered Data ONTAP
– Describe FlexPod management tools

Course Outline
FlexPod Overview
– Lab 1-1: Understanding Connectivity in the FlexPod Environment
FlexPod Networking
– Lab 2-1: Cisco Nexus 5548 LAN Deployment
– Lab 2-2: Cisco Nexus 5548 SAN Deployment
FlexPod Storage
– Lab 3-1: NetApp Cluster Setup
– Lab 3-2: Assign VLAN Tags to NetApp ifgrps
– Lab 3-3: Create Vservers to Serve Fibre Channel and NFS
FlexPod Compute
– Lab 4-1: Configure Cisco UCS B-Series
– Lab 4-2: Install ESXi 5.1 to a Boot LUN
FlexPod Virtualization
– Lab 5-1: Connect vCenter to ESXi Server
FlexPod Management and Troubleshooting Tools
– Lab 6-2: Install Microsoft Hyper-V

Who Should Attend
The primary audience for this course is as follows:
– Network engineers, Network administrators, Field Engineers
The secondary audience for this course is as follows:
– System Engineers, Consulting System Engineers and Server Administrators


QUESTION 1
Which three are true for UCS 2208XP? (Choose three)

A. Works with FI 6120 and FI 6296
B. Supports FCoE
C. Supports native FC
D. Has 32 10Gb ports to each half-width slot in the chassis
E. Supports 4 port port-channel toward FI 6140
F. Connects to both Fabric Interconnects for high availability

Answer: A,B,D



QUESTION 2
Which two are required for single-wire management for Cisco UCS C-Series? (Choose two)

A. UCS Manager 2.1 or higher
B. VIC 1240
C. Redundant Nexus 2232PP FEX
D. 10 GB LOM
E. FI 6200 family only
F. VIC 1225

Answer: A,F



QUESTION 3
Which policy detail should be set if you want a server to be exempt from all power capping?

A. Create a Power Control Policy and set Power Capping to No Cap
B. Create a Power Control Policy select cap and set the priority to 1
C. Create a Power Group with the appropriate chassis and set the Group Budget Power Cap (W) to 0.
D. The UCS Power Cap feature should not be utilized in a FlexPod environment.

Answer: A



QUESTION 4
Which two are correct about VSAN configuration within UCS Manager? (Choose two)

A. VSAN ID and FCoE VLAN ID have to match
B. VSAN can be configured as fabric interconnect specific
C. We can delete VSAN 1
D. VSAN IDs 3840-4079 are not available regardless of the Fabric Interconnect mode
E. VSAN can be configured as a global parameter
F. In addition to SAN tab, VSANs can be configured under UCSM Server tab as well

Answer: B,E



QUESTION 5
Which two are true about Fabric Interconnect L1 and L2 ports in cluster mode? (Choose two)

A. Fabric Interconnects connected via L1/L2 have to be the same model except during the upgrade
B. Ports are primarily used for management traffic, but can be used for data traffic as well
C. Fabric Interconnect ports L1 and L2 are 10 Gb links
D. Ports can only run as a port channel
E. Ports can only run as individual links
F. Ports can run as a port channel or as individual links

Answer: A,D


500-170 FPDESGN

Exam Number 500-170 FPDESGN
Associated Certifications Cisco and NetApp FlexPod Design Specialist
Duration 60 Minutes (45 – 55 questions)
Available Languages English
Register Pearson VUE

The FlexPod Design (FPDESGN) (500-170) exam is a 60-minute, 45-55 question exam that tests system engineers on their knowledge of the FlexPod solution. This exam tests a candidate’s knowledge of the tools and standards for assessing computing solution performance characteristics and requirements. In addition, this exam will test a candidate’s knowledge of the hardware components associated with the FlexPod solution and the process for selecting proper hardware for a given set of requirements.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Compute 22%
1.1 Hardware components
1.2 Configuration
1.3 High availability
1.4 SAN boot
1.5 Cisco UCS manager

2.0 Networking 18%
2.1 Hardware components
2.2 Configuration
2.3 SAN boot
2.4 High availability

3.0 Storage 16%
3.1 Hardware components
3.2 Configuration
3.3 SAN boot
3.4 High availability

4.0 Virtualization 28%
4.1 Hypervisor solutions
4.2 SAN boot

5.0 Management and Orchestration Tools 16%
5.1 Management tools
5.2 Design tools


QUESTION 1
What is the maximum aggregate traffic available to a half-width UCS B-Series blade in a 5108
Chassis with two 2208XP Fabric Extenders, Cisco VIC 1240 adapter, and Cisco Port Expander
Card for VIC 1240?

A. 40 Gb
B. 80 Gb
C. 120 Gb
D. 320 Gb

Answer: B



QUESTION 2
Which four are components of Cisco UCS stateless computing? (Choose four)

A. Utilization of service profiles to apply parameter settings from server hardware
B. Elements of a server’s personality, which may be included in a service profile, include firmware
versions, UUID, MAC Addresses, World Wide Names, and boot settings.
C. A one to one mapping of an application to a server
D. Boot from SAN
E. Every physical server in a Cisco UCS instance should remain anonymous until you associate a
service profile with it
F. A one to one mapping to the identity information burned into the hardware (mac addresses,
etc).

Answer: A,B,D,E



QUESTION 3
Which connectivity mode for Cisco UCS C-Series Rack-Mount Server management is supported
beginning with Cisco UCS Manager release version 2.1 and above?

A. Dual-wire Management
B. Single-wire Management
C. Quad-wire Management
D. Side Frame management

Answer: B



QUESTION 4
Which feature is supported for virtual machines configured with Direct Path I/O using Cisco Virtual
Machine Fabric Extender (VM-FEX) distributed switches?

A. vMotion
B. Record and Play
C. Fault tolerance
D. Unlimited DVS creation per Cisco UCS domain

Answer: A



QUESTION 5
Which four VLANs can be configured on UCS platform? (Choose four)

A. 1
B. 199
C. 1001
D. 3968
E. 4001
F. 4047
G. 4090
H. 4096

Answer: A,B,C,G


400-351 CCIE Wireless Exam Topics v3.0 and Topics v3.1

Exam Number 400-351
Associated Certifications CCIE Wireless
Duration 120 minutes (90 – 110 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

The Cisco CCIE Wireless Written Exam is a 2-hour test that will validate that a wireless engineer has the expertise to plan, design, implement, operate, and troubleshoot complex enterprise WLAN networks.

Written Exam Topics v3.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v3.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

The Cisco CCIE® Wireless Written Exam (#400-351) is a 2-hour test with 90–110 questions that will validate that a wireless engineer has the expertise to plan, design, implement, operate and troubleshoot complex enterprise WLAN networks.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

Written Exam Topics v3.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Planning & Designing WLAN Technologies 24%

1.1 Describe WLAN organizations and regulations

1.2 Describe IEEE 802.11 standards and protocols

1.3 Plan & design wireless solutions requirements

1.3.a Translate customer requirements into services and design recommendations
1.3.b Identify ambiguity and/or information gaps
1.3.c Evaluate interoperability of proposed technologies against deployed IP network infrastructure & technologies
1.3.d Select an appropriate deployment model
1.3.e Regulatory domains and country codes

1.4 RF planning, designing and validation

1.4.a RF Design / Site survey
1.4.a [i] Define the tasks/goals for a preliminary site survey
1.4.a [ii] Conduct the site survey
1.4.a [iii] Determine AP quantity, placement and antenna type
1.4.b Architect indoor and outdoor RF deployments
1.4.b [i] Coverage
1.4.b [ii] Throughput
1.4.b [iii] Voice
1.4.b [iv] Location
1.4.b [v] HD
1.4.c Construct an RF operational model that includes:
1.4.c [i] Radio resource management (Auto-RF, manual, hybrid, TPC and DCA)
1.4.c [ii] Channel use (radar, non-WiFi interference)
1.4.c [iii] Power level, overlap
1.4.c [iv] RF profiles
1.4.d Validate implemented RF deployment

2.0 Configure and Troubleshoot the Network Infrastructure 10%

2.1 Configure and troubleshoot wired infrastructure to support WLANs

2.1.a VLANs
2.1.b VTP
2.1.c STP
2.1.d Etherchannel
2.1.e HSRP
2.1.f VSS
2.1.g Stacking

2.2 Plan network infrastructure capacity

2.3 Configure and troubleshoot network connectivity for:

2.3.a WLAN clients
2.3.b WLCs
2.3.c Lightweight APs
2.3.d Autonomous APs

2.4 Configure and troubleshoot PoE for APs

2.5 Configure and troubleshoot QoS on the switching infrastructure

2.5.a MQC
2.5.b Mls qos

2.6 Configure and troubleshoot multicast on the switching infrastructure

2.6.a PIM-SM
2.6.b Auto-RP
2.6.c Static-RP
2.6.d IGMP
2.6.e IGMP snooping
2.6.f MLD

2.7 Configure and troubleshoot IPv4 connectivity

2.7.a Subnetting
2.7.b Static routing
2.7.c Basic OSPF
2.7.d Basic EIGRP

2.8 Configure and troubleshoot basic IPv6 connectivity

2.8.a Subnetting
2.8.b Static routing
2.8.c Basic OSPFv3
2.8.d Basic EIGRP address families

2.9 Configure and troubleshoot wired security

2.9.a ACLs (v4/v6)
2.9.b dot1X
2.9.c Port-security
2.9.d SXP, SGT

2.10 Configure and troubleshoot network services

2.10.a DNS
2.10.b DHCPv4 / DHCPv6
2.10.c NTP, SNTP
2.10.d SYSLOG
2.10.e SNMP
2.10.f CDP, LLDP
2.10.g SDG, mDNS

3.0 Configure and Troubleshoot an Autonomous Deployment Model 10%

3.1 Configuring and troubleshooting different modes and roles

3.1.a Root
3.1.b WGB
3.1.c Bridge

3.2 Configuring and troubleshooting SSID/MBSSID

3.3 Configuring and troubleshooting security

3.3.a L2 security policies
3.3.b Association filters
3.3.c PSPF
3.3.d Local radius
3.3.e dot1x profiles
3.3.f Guest

3.4 Configuring and troubleshooting radio settings

3.5 Configuring and troubleshooting multicast

3.6 Configuring and troubleshooting QoS

4.0 Configure and Troubleshoot a Unified Deployment Model (Centralized) 20%

4.1 Configuring and controlling management access

4.2 Configuring and troubleshooting interfaces

4.3 Configuring and troubleshooting lightweight APs

4.3.a dot1x
4.3.b LSC
4.3.c AP modes
4.3.d AP authentication / authorization
4.3.e Logging
4.3.f Local / global configuration

4.4 Configuring and troubleshooting high availability and redundancy

4.4.a Clients
4.4.b APs
4.4.c WLCs

4.5 Configuring and troubleshooting wireless segmentation

4.5.a RF profiles
4.5.b AP groups
4.5.c Flexconnect

4.6 Configuring and troubleshooting wireless security policies

4.6.a WLANs
4.6.b L2/L3 security
4.6.c Rogue policies
4.6.d Local EAP
4.6.e Local profiling
4.6.f ACLs
4.6.g Certificates

4.7 Configuring and troubleshooting Flexconnect and Office Extend

4.8 Configuring and troubleshooting Mesh

4.9 Implement RF management

4.9.a Static RF management
4.9.b Automatic RF management
4.9.c CleanAir
4.9.d Data rates

4.10 Configuring and troubleshooting WLC control plane security

4.10.a AAA
4.10.b CPU ACLs
4.10.c Management via wireless interface
4.10.d Management via dynamic interface

4.11 Configuring and troubleshooting mobility

4.11.a L2/L3 roaming
4.11.b Multicast optimization
4.11.c Mobility group scaling
4.11.d Inter-release controller mobility
4.11.e New mobility
4.11.f Mobility anchoring

4.12 Configuring and troubleshooting multicast

5.0 Configure and Troubleshoot a Unified Deployment Model (Converged) 14%

5.1 Configuring and controlling management access

5.2 Configuring and troubleshooting Interfaces

5.3 Configuring and troubleshooting lightweight APs

5.3.a dot1x
5.3.b AP authentication / authorization
5.3.c Logging
5.3.d Local / global configuration

5.4 Configuring and troubleshooting high availability and redundancy

5.4.a Clients
5.4.b APs
5.4.c WLCs

5.5 Configuring and troubleshooting wireless segmentation

5.5.a RF profiles
5.5.b AP groups

5.6 Configuring and Troubleshooting wireless security policies

5.6.a WLANs
5.6.b L2/L3 security
5.6.c Rogue policies
5.6.d Local EAP
5.6.e ACLs
5.6.f Certificates

5.7 Implement RF management

5.7.a Static RF management
5.7.b Automatic RF management
5.7.c CleanAir
5.7.d Data rates

5.8 Configuring and troubleshooting WLC control plane security

5.8.a AAA
5.8.b Basic control plane policing

5.9 Configuring and troubleshooting mobility

5.9.a L2/L3 roaming
5.9.b Multicast optimization
5.9.c Mobility group scaling
5.9.d Inter-release controller mobility
5.9.e Mobility anchoring
5.9.f SPG
5.9.g MC/MA

5.10 Configuring and troubleshooting multicast

6.0 Configure and Troubleshoot Security & Identity Management 12%

6.1 Configure and troubleshoot identity management

6.1.a Basic PKI for dot1x and webauth
6.1.b External identity sources (AD, LDAP)

6.2 Configure and troubleshoot AAA policies

6.2.a Client authentication and authorization
6.2.b Management authentication and authorization
6.2.c Client profiling and provisioning
6.2.d RADIUS attributes
6.2.e CoA

6.3 Configure and troubleshoot guest management

6.3.a Local web authentication
6.3.b Central web authentication
6.3.c Basic sponsor policy

7.0 Configure and Troubleshoot Prime Infrastructure and MSE 10%

7.1 Configure and troubleshoot management access

7.1.a AAA
7.1.b Virtual domain

7.2 Perform basic operations

7.2.a Create and deploy templates
7.2.b Operate maps
7.2.c Import infrastructure devices
7.2.d High availability
7.2.e Audits
7.2.f Client troubleshooting
7.2.g Notification receivers
7.2.h Reports

7.3 Perform maintenance operations

7.3.a Background tasks
7.3.b SW image management

7.4 Security management

7.4.a Understand rogue management
7.4.b Manage alarms and events
7.4.c Understand security index

7.5 Implement and troubleshoot MSE

7.5.a Management access
7.5.b Network services
7.5.b [i] Location
7.5.b [ii] CMX
7.5.b [iii] CleanAir
7.5.b [iv] WIPS
7.5.c NMSP

7.6 Integrate ISE

7.7 Integrate netflow

8.0 Configure and Troubleshoot WLAN media and application services 10%

8.1 Configure and troubleshoot voice over wireless

8.1.a QoS profiles
8.1.b EDCA
8.1.c WMM
8.1.d BDRL
8.1.e Admission control
8.1.f MQC

8.2 Configuring and troubleshooting video and media

8.2.a Mediastream
8.2.b Multicast-direct
8.2.c Admission control

8.3 Configuring and troubleshooting mDNS

8.3.a mDNS proxy
8.3.b Service discovery
8.3.c Service filtering

8.4 Configuring and troubleshooting AVC and netflow

CCIE Wireless Written Exam (400-351) Version 3.1

Exam Description
The Cisco CCIE® Wireless Written Exam (400-351) version 3.1 is a 2-hour test with 90–110 questions that will validate that a wireless engineer has the expertise to plan, design, implement, operate and troubleshoot complex enterprise WLAN networks.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

Written Exam Topics v3.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

1.0 Planning & Designing WLAN Technologies 11%

1.1 Describe WLAN organizations and regulations

1.2 Describe IEEE 802.11 standards and protocols

1.3 Plan & design wireless solutions requirements

1.3.a Translate customer requirements into services and design recommendations
1.3.b Identify ambiguity and/or information gaps
1.3.c Evaluate interoperability of proposed technologies against deployed IP network infrastructure & technologies
1.3.d Select an appropriate deployment model
1.3.e Regulatory domains and country codes

1.4 RF planning, designing and validation

1.4.a RF Design / Site survey
1.4.a [i] Define the tasks/goals for a preliminary site survey
1.4.a [ii] Conduct the site survey
1.4.a [iii] Determine AP quantity, placement and antenna type
1.4.b Architect indoor and outdoor RF deployments
1.4.b [i] Coverage
1.4.b [ii] Throughput
1.4.b [iii] Voice
1.4.b [iv] Location
1.4.b [v] HD
1.4.c Construct an RF operational model that includes:
1.4.c [i] Radio resource management (Auto-RF, manual, hybrid, TPC and DCA)
1.4.c [ii] Channel use (radar, non-WiFi interference)
1.4.c [iii] Power level, overlap
1.4.c [iv] RF profiles
1.4.d Validate implemented RF deployment

2.0 Configure and Troubleshoot the Network Infrastructure 10%

2.1 Configure and troubleshoot wired infrastructure to support WLANs

2.1.a VLANs
2.1.b VTP
2.1.c STP
2.1.d Etherchannel
2.1.e HSRP
2.1.f VSS
2.1.g Stacking

2.2 Plan network infrastructure capacity

2.3 Configure and troubleshoot network connectivity for:

2.3.a WLAN clients
2.3.b WLCs
2.3.c Lightweight APs
2.3.d Autonomous APs

2.4 Configure and troubleshoot PoE for APs

2.5 Configure and troubleshoot QoS on the switching infrastructure

2.5.a MQC
2.5.b Mls qos

2.6 Configure and troubleshoot multicast on the switching infrastructure

2.6.a PIM-SM
2.6.b Auto-RP
2.6.c Static-RP
2.6.d IGMP
2.6.e IGMP snooping
2.6.f MLD

2.7 Configure and troubleshoot IPv4 connectivity

2.7.a Subnetting
2.7.b Static routing
2.7.c Basic OSPF
2.7.d Basic EIGRP

2.8 Configure and troubleshoot basic IPv6 connectivity

2.8.a Subnetting
2.8.b Static routing
2.8.c Basic OSPFv3
2.8.d Basic EIGRP address families

2.9 Configure and troubleshoot wired security

2.9.a ACLs (v4/v6)
2.9.b dot1X
2.9.c Port-security
2.9.d SXP, SGT

2.10 Configure and troubleshoot network services

2.10.a DNS
2.10.b DHCPv4 / DHCPv6
2.10.c NTP, SNTP
2.10.d SYSLOG
2.10.e SNMP
2.10.f CDP, LLDP
2.10.g SDG, mDNS

3.0 Configure and Troubleshoot an Autonomous Deployment Model 10%

3.1 Configuring and troubleshooting different modes and roles

3.1.a Root
3.1.b WGB
3.1.c Bridge

3.2 Configuring and troubleshooting SSID/MBSSID

3.3 Configuring and troubleshooting security

3.3.a L2 security policies
3.3.b Association filters
3.3.c PSPF
3.3.d Local radius
3.3.e dot1x profiles
3.3.f Guest

3.4 Configuring and troubleshooting radio settings

3.5 Configuring and troubleshooting multicast

3.6 Configuring and troubleshooting QoS

4.0 Configure and Troubleshoot a Unified Deployment Model (Centralized) 18%

4.1 Configuring and controlling management access

4.2 Configuring and troubleshooting interfaces

4.3 Configuring and troubleshooting lightweight APs

4.3.a dot1x
4.3.b LSC
4.3.c AP modes
4.3.d AP authentication / authorization
4.3.e Logging
4.3.f Local / global configuration

4.4 Configuring and troubleshooting high availability and redundancy

4.4.a Clients
4.4.b APs
4.4.c WLCs

4.5 Configuring and troubleshooting wireless segmentation

4.5.a RF profiles
4.5.b AP groups
4.5.c Flexconnect

4.6 Configuring and troubleshooting wireless security policies

4.6.a WLANs
4.6.b L2/L3 security
4.6.c Rogue policies
4.6.d Local EAP
4.6.e Local profiling
4.6.f ACLs
4.6.g Certificates

4.7 Configuring and troubleshooting Flexconnect and Office Extend

4.8 Configuring and troubleshooting Mesh

4.9 Implement RF management

4.9.a Static RF management
4.9.b Automatic RF management
4.9.c CleanAir
4.9.d Data rates

4.10 Configuring and troubleshooting WLC control plane security

4.10.a AAA
4.10.b CPU ACLs
4.10.c Management via wireless interface
4.10.d Management via dynamic interface

4.11 Configuring and troubleshooting mobility

4.11.a L2/L3 roaming
4.11.b Multicast optimization
4.11.c Mobility group scaling
4.11.d Inter-release controller mobility
4.11.e New mobility
4.11.f Mobility anchoring

4.12 Configuring and troubleshooting multicast

5.0 Configure and Troubleshoot a Unified Deployment Model (Converged) 11%

5.1 Configuring and controlling management access

5.2 Configuring and troubleshooting Interfaces

5.3 Configuring and troubleshooting lightweight APs

5.3.a dot1x
5.3.b AP authentication / authorization
5.3.c Logging
5.3.d Local / global configuration

5.4 Configuring and troubleshooting high availability and redundancy

5.4.a Clients
5.4.b APs
5.4.c WLCs

5.5 Configuring and troubleshooting wireless segmentation

5.5.a RF profiles
5.5.b AP groups

5.6 Configuring and Troubleshooting wireless security policies

5.6.a WLANs
5.6.b L2/L3 security
5.6.c Rogue policies
5.6.d Local EAP
5.6.e ACLs
5.6.f Certificates

5.7 Implement RF management

5.7.a Static RF management
5.7.b Automatic RF management
5.7.c CleanAir
5.7.d Data rates

5.8 Configuring and troubleshooting WLC control plane security

5.8.a AAA
5.8.b Basic control plane policing

5.9 Configuring and troubleshooting mobility

5.9.a L2/L3 roaming
5.9.b Multicast optimization
5.9.c Mobility group scaling
5.9.d Inter-release controller mobility
5.9.e Mobility anchoring
5.9.f SPG
5.9.g MC/MA

5.10 Configuring and troubleshooting multicast

6.0 Configure and Troubleshoot Security & Identity Management 10%

6.1 Configure and troubleshoot identity management

6.1.a Basic PKI for dot1x and webauth
6.1.b External identity sources (AD, LDAP)

6.2 Configure and troubleshoot AAA policies

6.2.a Client authentication and authorization
6.2.b Management authentication and authorization
6.2.c Client profiling and provisioning
6.2.d RADIUS attributes
6.2.e CoA

6.3 Configure and troubleshoot guest management

6.3.a Local web authentication
6.3.b Central web authentication
6.3.c Basic sponsor policy

7.0 Configure and Troubleshoot Prime Infrastructure and MSE 10%

7.1 Configure and troubleshoot management access

7.1.a AAA
7.1.b Virtual domain

7.2 Perform basic operations

7.2.a Create and deploy templates
7.2.b Operate maps
7.2.c Import infrastructure devices
7.2.d High availability
7.2.e Audits
7.2.f Client troubleshooting
7.2.g Notification receivers
7.2.h Reports

7.3 Perform maintenance operations

7.3.a Background tasks
7.3.b SW image management

7.4 Security management

7.4.a Understand rogue management
7.4.b Manage alarms and events
7.4.c Understand security index

7.5 Implement and troubleshoot MSE

7.5.a Management access
7.5.b Network services
7.5.b [i] Location
7.5.b [ii] CMX
7.5.b [iii] CleanAir
7.5.b [iv] WIPS
7.5.c NMSP

7.6 Integrate ISE

7.7 Integrate netflow

8.0 Configure and Troubleshoot WLAN media and application services 10%

8.1 Configure and troubleshoot voice over wireless

8.1.a QoS profiles
8.1.b EDCA
8.1.c WMM
8.1.d BDRL
8.1.e Admission control
8.1.f MQC

8.2 Configuring and troubleshooting video and media

8.2.a Mediastream
8.2.b Multicast-direct
8.2.c Admission control

8.3 Configuring and troubleshooting mDNS

8.3.a mDNS proxy
8.3.b Service discovery
8.3.c Service filtering

8.4 Configuring and troubleshooting AVC and netflow

9.0 Evolving Technologies 10%

9.1 Cloud

9.1.a Compare and contrast Cloud deployment models
9.1.a [i] Infrastructure, platform, and software services (XaaS)
9.1.a [ii] Performance and reliability
9.1.a [iii] Security and privacy
9.1.a [iv] Scalability and interoperability
9.1.b Describe Cloud implementations and operations
9.1.b [i] Automation and orchestration
9.1.b [ii] Workload mobility
9.1.b [iii] Troubleshooting and management
9.1.b [iv] OpenStack components

9.2 Network programmability [SDN]

9.2.a Describe functional elements of network programmability (SDN) and how they interact
9.2.a [i] Controllers
9.2.a [ii] APIs
9.2.a [iii] Scripting
9.2.a [iv] Agents
9.2.a [v] Northbound vs. Southbound protocols
9.2.b Describe aspects of virtualization and automation in network environments
9.2.b [i] DevOps methodologies, tools and workflows
9.2.b [ii] Network/application function virtualization (NFV, AFV)
9.2.b [iii] Service function chaining
9.2.b [iv] Performance, availability, and scaling considerations

9.3 Internet of Things

9.3.a Describe architectural framework and deployment considerations for Internet of Things (IoT)
9.3.a [i] Performance, reliability and scalability
9.3.a [ii] Mobility
9.3.a [iii] Security and privacy
9.3.a [iv] Standards and compliance
9.3.a [v] Migration
9.3.a [vi] Environmental impacts on the network


400-201 CCIE SP CCIE Service Provider Exam Topics v4.0, Topics v4.1

Exam Number 400-201 CCIE SP
Associated Certifications CCIE Service Provider
Duration 120 minutes (90 – 110 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

The Cisco CCIE Service Provider Written Exam (400-201) version 4.0 is a two-hour test with 90-110 questions that validate professionals who have the expertise to design, implement, diagnose, and troubleshoot complex Service Provider highly available network infrastructure and services based on dual stack solutions (IPv4 and IPv6); understand how the network and service components interoperate; and understand the functional requirements and translate into specific device configurations.

Written Exam Topics v4.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v4.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

Exam Description
The Cisco CCIE® Service Provider Written Exam (400-201) version 4.0 is a two-hour test with 90−110 questions that validate professionals who have the expertise to design, implement, diagnose, and troubleshoot complex Service Provider highly available network infrastructure and services based on dual stack solutions (IPv4 and IPv6); understand how the network and service components interoperate; and understand the functional requirements and translate into specific device configurations. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Service Provider Written Exam Topics v4.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Service Provider Architecture and Evolution 10%

1.1 Service Provider Architecture Concepts

1.1.a Describe network architecture component and Service Provider network domain, for example, PE, P, CE, Metro Ethernet Core, and Aggregation
1.1.b Describe platform architecture components, for example, RP, Line Cards, and Fabric Crossbar
1.1.c Describe Cisco IOS-XR Software architecture components, for example, System Manager and XR Kernel

1.2 Virtualization Concepts

1.2.a Describe basic physical router virtualization, for example, SDR and nV
1.2.b Describe basic network function virtualization, for example, XRv/CSR1000v

1.3 Mobility Concepts

1.3.a Describe basic Service Provider network mobility infrastructure, for example, RAN, Backhaul, and Core

2.0 Core Routing 23%

2.1 Interior Gateway Protocol (IGP)

2.1.a Describe, implement, and troubleshoot IS-IS
2.1.b Describe, implement, and troubleshoot OSPFv2 and OSPFv3
2.1.c Describe and optimize IGP scale and performance

2.2 Border Gateway Protocol (BGP)

2.2.a Describe, implement, and troubleshoot IBGP, EBGP, and MP-BGP
2.2.b Describe, implement, and troubleshoot BGP route policy enforcement
2.2.c Describe BGP path attribute
2.2.d Describe and optimize BGP scale and performance
2.2.e Describe, implement, and troubleshoot advanced BGP features, for example, add-path and BGP LS

2.3 Multiprotocol Label Switching (MPLS)

2.3.a Describe MPLS forwarding and control plane mechanisms
2.3.b Describe, implement, and troubleshoot LDP
2.3.c Describe and optimize LDP scale and performance

2.4 MPLS Traffic Engineering

2.4.a Describe, implement, and troubleshoot RSVP
2.4.b Describe, implement, and troubleshoot ISIS and OSPF extensions
2.4.c Describe, implement, and troubleshoot MPLS TE policy enforcement
2.4.d Describe MPLS TE attributes
2.4.e Describe and optimize MPLS TE scale and performance
2.4.f Describe MPLS advanced features, for example, Segment Routing, G-MPLS, MPLS-TP, and MPLS-TE Inter-AS

2.5 Multicast

2.5.a Describe, implement, and troubleshoot PIM (PIM-SM, PIM-SSM, and PIM-BIDIR)
2.5.b Describe, implement, and troubleshoot RP (Auto-RP, BSR, Static, Anycast RP, and MSDP)
2.5.c Describe, implement, and troubleshoot mLDP (including mLDP profiles from 0 to 9)
2.5.d Describe P2MP TE
2.5.e Describe and optimize multicast scale and performance

2.6 Quality of Service (QoS)

2.6.a Describe, implement, and troubleshoot classification and marking
2.6.b Describe, implement, and troubleshoot congestion management and scheduling, for example, policing, shaping, and queuing
2.6.c Describe, implement, and troubleshoot congestion avoidance
2.6.d Describe, implement, and troubleshoot MPLS QoS models (MAM, RDM, Pipe, Short Pipe, and Uniform)
2.6.e Describe, implement, and troubleshoot MPLS TE QoS (CBTS, PBTS, and DS-TE)

3.0 Service Provider Based Services 23%

3.1 Carrier Ethernet

3.1.a Describe, implement, and troubleshoot E-LINE, for example, VPWS
3.1.b Describe, implement, and troubleshoot E-LAN and E-TREE, for example VPLS and H-VPLS
3.1.c Describe EVPN (EVPN-VPWS and PBB EVPN)
3.1.d Describe IEEE 802.1ad (Q-in-Q), IEEE 802.1ah (Mac-in-Mac), and ITU G.8032 (REP)

3.2 L3VPN

3.2.a Describe, implement, and troubleshoot L3VPN
3.2.b Describe, implement, and troubleshoot Inter-AS L3VPN
3.2.c Describe, implement, and troubleshoot Multicast VPN
3.2.d Describe, implement, and troubleshoot Unified MPLS and CSC
3.2.e Describe, implement, and troubleshoot shared services, for example, Extranet and Internet access

3.3 Overlay VPN

3.3.a Describe, implement, and troubleshoot L2TPv3
3.3.b Describe, implement, and troubleshoot LISP
3.3.c Describe, implement, and troubleshoot GRE and mGRE based VPN

3.4 Internet Service

3.4.a Describe, implement, and troubleshoot Internet Peering and Transit
3.4.b Describe, implement, and troubleshoot IPv6 transition mechanism, for example, NAT44, NAT64, 6RD, and DS Lite
3.4.c Describe, implement, and troubleshoot Internet peering route and transit policy enforcement

4.0 Access and Aggregation 17%

4.1 Transport and Encapsulation Technologies

4.1.a Describe transport technologies, for example, optical, xDSL, DOCSIS, TDM, and GPON
4.1.b Describe, implement, and troubleshoot Ethernet technologies
4.1.c Describe link aggregation techniques

4.2 PE-CE Connectivity

4.2.a Describe, implement, and troubleshoot PE-CE routing protocols, for example, static, OSPF, and BGP
4.2.b Describe, implement, and troubleshoot route redistribution
4.2.c Describe, implement, and troubleshoot route filtering
4.2.d Describe, implement, and troubleshoot loop prevention techniques in Multihomed environments
4.2.e Describe, implement, and troubleshoot end-to-end fast convergence
4.2.f Describe, implement, and troubleshoot Multi-VRF CE
4.2.g Describe Broadband Forum TR-101, for example, Trunk N:1 and Trunk 1:1

4.3 Quality of Service (QoS)

4.3.a Describe, implement, and troubleshoot classification and marking
4.3.b Describe, implement, and troubleshoot congestion management and scheduling, for example, policing, shaping, and queuing
4.3.c Describe, implement, and troubleshoot congestion avoidance
4.3.d Describe Link Fragmentation (LFI), cRTP, and RTP

4.4 Multicast

4.4.a Describe, implement, and troubleshoot IGMP and MLD
4.4.b Describe, implement, and troubleshoot PIM
4.4.c Describe, implement, and troubleshoot RP
4.4.d Describe and optimize multicast scale and performance

5.0 High Availability and Fast Convergence 10%

5.1 System Level HA

5.1.a Describe Multichassis/clustering HA
5.1.b Describe, implement, and troubleshoot SSO/NSF, NSR, and GR
5.1.c Describe, implement, and troubleshoot IGP-LDP Sync
5.1.d Describe, implement, and troubleshoot LDP Session Protection

5.2 Layer 1/2/3 Failure Detection Techniques

5.2.a Describe Layer 1 failure detection
5.2.b Describe, implement, and troubleshoot Layer 2 failure detection
5.2.c Describe, implement, and troubleshoot Layer 3 failure detection

5.3 Routing/Fast Convergence

5.3.a Describe, implement, and optimize IGP convergence
5.3.b Describe, implement, and optimize BGP convergence
5.3.c Describe, implement, and optimize IP FRR and TE FRR

6.0 Service Provider Security, Service Provider Operation and Management 17%

6.1 Control Plane Security

6.1.a Describe, implement, and troubleshoot control plane protection techniques (LPTS and CoPP)
6.1.b Describe, implement, and troubleshoot routing protocol security, for example, BGP-TTL security and protocol authentication
6.1.c Describe, implement and troubleshoot BGP prefix suppression
6.1.d Describe, implement and troubleshoot LDP security, for example, authentication and label allocation filtering
6.1.e Describe, implement, and troubleshoot BGP prefix based filtering
6.1.f Describe BGPsec

6.2 Management Plane Security

6.2.a Describe, implement, and troubleshoot device management, for example, MPP, SSH, and VTY
6.2.b Describe, implement, and troubleshoot logging and SNMP security
6.2.c Describe backscatter Traceback

6.3 Infrastructure Security

6.3.a Describe, implement, and troubleshoot uRPF
6.3.b Describe Lawful-intercept
6.3.c Describe, implement, and troubleshoot iACL
6.3.d Describe, implement, and troubleshoot RTBH
6.3.e Describe BGP Flowspec
6.3.f Describe DDoS mitigation techniques

6.4 Timing and Synchronization

6.4.a Describe, implement, and troubleshoot timing protocol, for example, NTP, 1588v2, and SyncE

6.5 Network Monitoring and Troubleshooting

6.5.a Describe, implement, and troubleshoot syslog and logging functions
6.5.b Describe, implement, and troubleshoot SNMP traps, RMON, EEM, and EPC
6.5.c Describe, implement, and troubleshoot port mirroring protocols, for example, SPAN, RSPAN, and ERSPAN
6.5.d Describe, implement and troubleshoot NetFlow and IPFIX
6.5.e Describe, implement, and troubleshoot IP SLA
6.5.f Describe, implement, and troubleshoot MPLS OAM and Ethernet OAM
6.5.g Describe network event and fault management
6.5.h Describe performance management and capacity procedures

6.6 Network Configuration and Change Management

6.6.a Describe maintenance, operational procedures
6.6.b Describe network inventory management process
6.6.c Describe network change, implementation, and rollback
6.6.d Describe incident management process based on ITILv3 framework

CCIE Service Provider Written Exam (400-201) Version 4.1

Exam Description
The Cisco CCIE® Service Provider Written Exam (400-201) version 4.1 is a two-hour test with 90−110 questions that validate professionals who have the expertise to design, implement, diagnose, and troubleshoot complex Service Provider highly available network infrastructure and services based on dual stack solutions (IPv4 and IPv6); understand how the network and service components interoperate; and understand the functional requirements and translate into specific device configurations. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Service Provider Written Exam Topics v4.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

1.0 Service Provider Architecture and Evolution 10%

1.1 Service Provider Architecture Concepts

1.1.a Describe network architecture component and Service Provider network domain, for example, PE, P, CE, Metro Ethernet Core, and Aggregation
1.1.b Describe platform architecture components, for example, RP, Line Cards, and Fabric Crossbar
1.1.c Describe Cisco IOS-XR Software architecture components, for example, System Manager and XR Kernel

1.2 Virtualization Concepts

1.2.a Describe basic physical router virtualization, for example, SDR and nV
1.2.b Describe basic network function virtualization, for example, XRv/CSR1000v

1.3 Mobility Concepts

1.3.a Describe basic Service Provider network mobility infrastructure, for example, RAN, Backhaul, and Core

2.0 Core Routing 20%

2.1 Interior Gateway Protocol (IGP)

2.1.a Describe, implement, and troubleshoot IS-IS
2.1.b Describe, implement, and troubleshoot OSPFv2 and OSPFv3
2.1.c Describe and optimize IGP scale and performance

2.2 Border Gateway Protocol (BGP)

2.2.a Describe, implement, and troubleshoot IBGP, EBGP, and MP-BGP
2.2.b Describe, implement, and troubleshoot BGP route policy enforcement
2.2.c Describe BGP path attribute
2.2.d Describe and optimize BGP scale and performance
2.2.e Describe, implement, and troubleshoot advanced BGP features, for example, add-path and BGP LS

2.3 Multiprotocol Label Switching (MPLS)

2.3.a Describe MPLS forwarding and control plane mechanisms
2.3.b Describe, implement, and troubleshoot LDP
2.3.c Describe and optimize LDP scale and performance

2.4 MPLS Traffic Engineering

2.4.a Describe, implement, and troubleshoot RSVP
2.4.b Describe, implement, and troubleshoot ISIS and OSPF extensions
2.4.c Describe, implement, and troubleshoot MPLS TE policy enforcement
2.4.d Describe MPLS TE attributes
2.4.e Describe and optimize MPLS TE scale and performance
2.4.f Describe MPLS advanced features, for example, Segment Routing, G-MPLS, MPLS-TP, and MPLS-TE Inter-AS

2.5 Multicast

2.5.a Describe, implement, and troubleshoot PIM (PIM-SM, PIM-SSM, and PIM-BIDIR)
2.5.b Describe, implement, and troubleshoot RP (Auto-RP, BSR, Static, Anycast RP, and MSDP)
2.5.c Describe, implement, and troubleshoot mLDP (including mLDP profiles from 0 to 9)
2.5.d Describe P2MP TE
2.5.e Describe and optimize multicast scale and performance

2.6 Quality of Service (QoS)

2.6.a Describe, implement, and troubleshoot classification and marking
2.6.b Describe, implement, and troubleshoot congestion management and scheduling, for example, policing, shaping, and queuing
2.6.c Describe, implement, and troubleshoot congestion avoidance
2.6.d Describe, implement, and troubleshoot MPLS QoS models (MAM, RDM, Pipe, Short Pipe, and Uniform)
2.6.e Describe, implement, and troubleshoot MPLS TE QoS (CBTS, PBTS, and DS-TE)

3.0 Service Provider Based Services 20%

3.1 Carrier Ethernet

3.1.a Describe, implement, and troubleshoot E-LINE, for example, VPWS
3.1.b Describe, implement, and troubleshoot E-LAN and E-TREE, for example VPLS and H-VPLS
3.1.c Describe EVPN (EVPN-VPWS and PBB EVPN)
3.1.d Describe IEEE 802.1ad (Q-in-Q), IEEE 802.1ah (Mac-in-Mac), and ITU G.8032 (REP)

3.2 L3VPN

3.2.a Describe, implement, and troubleshoot L3VPN
3.2.b Describe, implement, and troubleshoot Inter-AS L3VPN
3.2.c Describe, implement, and troubleshoot Multicast VPN
3.2.d Describe, implement, and troubleshoot Unified MPLS and CSC
3.2.e Describe, implement, and troubleshoot shared services, for example, Extranet and Internet access

3.3 Overlay VPN

3.3.a Describe, implement, and troubleshoot L2TPv3
3.3.b Describe, implement, and troubleshoot LISP
3.3.c Describe, implement, and troubleshoot GRE and mGRE based VPN

3.4 Internet Service

3.4.a Describe, implement, and troubleshoot Internet Peering and Transit
3.4.b Describe, implement, and troubleshoot IPv6 transition mechanism, for example, NAT44, NAT64, 6RD, and DS Lite
3.4.c Describe, implement, and troubleshoot Internet peering route and transit policy enforcement

4.0 Access and Aggregation 15%

4.1 Transport and Encapsulation Technologies

4.1.a Describe transport technologies, for example, optical, xDSL, DOCSIS, TDM, and GPON
4.1.b Describe, implement, and troubleshoot Ethernet technologies
4.1.c Describe link aggregation techniques

4.2 PE-CE Connectivity

4.2.a Describe, implement, and troubleshoot PE-CE routing protocols, for example, static, OSPF, and BGP
4.2.b Describe, implement, and troubleshoot route redistribution
4.2.c Describe, implement, and troubleshoot route filtering
4.2.d Describe, implement, and troubleshoot loop prevention techniques in Multihomed environments
4.2.e Describe, implement, and troubleshoot end-to-end fast convergence
4.2.f Describe, implement, and troubleshoot Multi-VRF CE
4.2.g Describe Broadband Forum TR-101, for example, Trunk N:1 and Trunk 1:1

4.3 Quality of Service (QoS)

4.3.a Describe, implement, and troubleshoot classification and marking
4.3.b Describe, implement, and troubleshoot congestion management and scheduling, for example, policing, shaping, and queuing
4.3.c Describe, implement, and troubleshoot congestion avoidance
4.3.d Describe Link Fragmentation (LFI), cRTP, and RTP

4.4 Multicast

4.4.a Describe, implement, and troubleshoot IGMP and MLD
4.4.b Describe, implement, and troubleshoot PIM
4.4.c Describe, implement, and troubleshoot RP
4.4.d Describe and optimize multicast scale and performance

5.0 High Availability and Fast Convergence 10%

5.1 System Level HA

5.1.a Describe Multichassis/clustering HA
5.1.b Describe, implement, and troubleshoot SSO/NSF, NSR, and GR
5.1.c Describe, implement, and troubleshoot IGP-LDP Sync
5.1.d Describe, implement, and troubleshoot LDP Session Protection

5.2 Layer 1/2/3 Failure Detection Techniques

5.2.a Describe Layer 1 failure detection
5.2.b Describe, implement, and troubleshoot Layer 2 failure detection
5.2.c Describe, implement, and troubleshoot Layer 3 failure detection

5.3 Routing/Fast Convergence

5.3.a Describe, implement, and optimize IGP convergence
5.3.b Describe, implement, and optimize BGP convergence
5.3.c Describe, implement, and optimize IP FRR and TE FRR

6.0 Service Provider Security, Service Provider Operation and Management 15%

6.1 Control Plane Security

6.1.a Describe, implement, and troubleshoot control plane protection techniques (LPTS and CoPP)
6.1.b Describe, implement, and troubleshoot routing protocol security, for example, BGP-TTL security and protocol authentication
6.1.c Describe, implement and troubleshoot BGP prefix suppression
6.1.d Describe, implement and troubleshoot LDP security, for example, authentication and label allocation filtering
6.1.e Describe, implement, and troubleshoot BGP prefix based filtering
6.1.f Describe BGPsec

6.2 Management Plane Security

6.2.a Describe, implement, and troubleshoot device management, for example, MPP, SSH, and VTY
6.2.b Describe, implement, and troubleshoot logging and SNMP security
6.2.c Describe backscatter Traceback

6.3 Infrastructure Security

6.3.a Describe, implement, and troubleshoot uRPF
6.3.b Describe Lawful-intercept
6.3.c Describe, implement, and troubleshoot iACL
6.3.d Describe, implement, and troubleshoot RTBH
6.3.e Describe BGP Flowspec
6.3.f Describe DDoS mitigation techniques

6.4 Timing and Synchronization

6.4.a Describe, implement, and troubleshoot timing protocol, for example, NTP, 1588v2, and SyncE

6.5 Network Monitoring and Troubleshooting

6.5.a Describe, implement, and troubleshoot syslog and logging functions
6.5.b Describe, implement, and troubleshoot SNMP traps, RMON, EEM, and EPC
6.5.c Describe, implement, and troubleshoot port mirroring protocols, for example, SPAN, RSPAN, and ERSPAN
6.5.d Describe, implement and troubleshoot NetFlow and IPFIX
6.5.e Describe, implement, and troubleshoot IP SLA
6.5.f Describe, implement, and troubleshoot MPLS OAM and Ethernet OAM
6.5.g Describe network event and fault management
6.5.h Describe performance management and capacity procedures

6.6 Network Configuration and Change Management

6.6.a Describe maintenance, operational procedures
6.6.b Describe network inventory management process
6.6.c Describe network change, implementation, and rollback
6.6.d Describe incident management process based on ITILv3 framework

7.0 Evolving Technologies 10%

7.1 Cloud

7.1.a Compare and contrast Cloud deployment models
7.1.a [i] Infrastructure, platform, and software services (XaaS)
7.1.a [ii] Performance and reliability
7.1.a [iii] Security and privacy
7.1.a [iv] Scalability and interoperability
7.1.b Describe Cloud implementations and operations
7.1.b [i] Automation and orchestration
7.1.b [ii] Workload mobility
7.1.b [iii] Troubleshooting and management
7.1.b [iv] OpenStack components

7.2 Network programmability [SDN]

7.2.a Describe functional elements of network programmability (SDN) and how they interact
7.2.a [i] Controllers
7.2.a [ii] APIs
7.2.a [iii] Scripting
7.2.a [iv] Agents
7.2.a [v] Northbound vs. Southbound protocols
7.2.b Describe aspects of virtualization and automation in network environments
7.2.b [i] DevOps methodologies, tools and workflows
7.2.b [ii] Network/application function virtualization (NFV, AFV)
7.2.b [iii] Service function chaining
7.2.b [iv] Performance, availability, and scaling considerations

7.3 Internet of Things

7.3.a Describe architectural framework and deployment considerations for Internet of Things (IoT)
7.3.a [i] Performance, reliability and scalability
7.3.a [ii] Mobility
7.3.a [iii] Security and privacy
7.3.a [iv] Standards and compliance
7.3.a [v] Migration
7.3.a [vi] Environmental impacts on the network


QUESTION 1
Which well-known community ensures that a BGP prefix is not propagated to any other BGP peers?

A. no-advertise
B. no-export
C. local-AS
D. Internet

Answer: C


QUESTION 2
Which is the RP address of the IPv6 multicast address FF76:0:130:1234:5678:9abc::4321?

A. 4321:5678:9abc::30
B. 4321:5678:9abc::13
C. 1234:5678:9abc::130
D. 1234:5678:9abc::1
E. 1234:5678:9abc::13

Answer: D
Reference: http://www.netcraftsmen.com/wp-content/uploads/2014/12/20090429-CMU-Introduction_to_IP_Multicast.pdf page 53


QUESTION 3
Two Tier 2 Service Providers are using a Tier 1 Service Provider for transport. MPLS is required between the Tier 2 Service Providers for label switching. In this CSC solution, which label stack is correct?

A. original IP packet, MPLS CSC transport label, MPLS VPN label, and MPLS Tier 2 transport label
B. original IP packet, MPLS Tier 2 transport label, MPLS VPN label, and MPLS CSC transport label
C. original IP packet, MPLS VPN label, MPLS Tier 2 transport label, and MPLS CSC transport label
D. original IP packet, MPLS Tier 2 transport label, MPLS CSC transport label, and MPLS VPN label

Answer: C


QUESTION 4
Which are the two purposes of the MPLS label value 1? (Choose two.)

A. it is used for MPLS OAM packets.
B. it indicates an implicit null label.
C. it is used for VPNv6 packets.
D. it is used to carry the QoS value in the label stack.
E. it indicates an explicit null label.
F. it indicates a router alert label.

Answer: C,F

Explanation:
http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/4649-mpls-faq-4649.html#qa3
http://www.iana.org/assignments/mpls-label-values/mpls-label-values.xhtml
IPv4 Explicit NULL Label -> 0
Router Alert Label -> 1
IPv6 Explicit NULL Label -> 2
Implicit NULL Label -> 3
OAM Alert Label -> 14


QUESTION 5
Which Cisco IOS XR Virtualization technology provides full isolation between virtualized routing instances for extra control plane resources?

A. HVR
B. SVR
C. SDR
D. DRP

Answer: C

Explanation:
http://www.cisco.com/en/US/solutions/collateral/ns341/ns524/ns562/ns573/white_paper_c11-512753_ns573_Networking_Solutions_White_Paper.html


QUESTION 6
An engineer wants to configure Fast Reroute in the network. Which methodology eliminates RSVP configuration in the network?

A. Enable LDP Fast Synch.
B. Enable IP Fast Reroute.
C. Enable the auto tunnel primary feature.
D. Enable Cisco MPLS TE Fast Reroute.
E. Enable the auto tunnel backup feature.

Answer: B

Explanation:
http://www.cisco.com/en/US/docs/ios/12_0st/12_0st10/feature/guide/fastrout.html


QUESTION 7
Customers connecting to a Service Provider for Internet access are intending to implement redundant peering. The design requirements call for preferring a primary link for both ingress and egress traffic. Secondary links should be used only during primary outages. What two BGP deployment options will accomplish this design goal? (Choose two.)

A. On the router handling the secondary link, advertise routes with a MED value of 0.
B. On the router handling the primary link, set the weight for all incoming routes to be a value of 0.
C. On the router handling the secondary link, advertise all routes with a longer AS-PATH value.
D. On the router handling the primary link, advertise all routes with a longer AS-PATH value.
E. On the router handling the secondary link, set the local preference for all incoming routes to be a value of 0.

Answer: C,E


400-101 CCIE Routing and Switching Written Exam Topics v5.0 and Written Exam Topics v5.1

CCIE Routing and Switching Written Exam
Exam Number 400-101 CCIE
Associated Certifications CCIE Routing and Switching
Duration 120 Minutes (90 – 110 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

The Cisco CCIE Routing and Switching written exam validates that professionals have the expertise to: configure, validate, and troubleshoot complex enterprise network infrastructure; understand how infrastructure components interoperate; and translate functional requirements into specific device configurations.

Written Exam Topics v5.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v5.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

Exam Description
The CCIE written exam is a two-hour qualification exam. The exam uses a combination of 90-110 multiple choice questions and simulations to assess skills. Exams are closed book and no reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Routing and Switching Written Exam Topics v5.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Network Principles 10%

1.1 Network theory

1.1.a Describe basic software architecture differences between IOS and IOS XE
1.1.a [i] Control plane and Forwarding plane
1.1.a [ii] Impact to troubleshooting and performances
1.1.a [iii] Excluding specific platform’s architecture
1.1.b Identify Cisco express forwarding concepts
1.1.b [i] RIB, FIB, LFIB, Adjacency table
1.1.b [ii] Load balancing Hash
1.1.b [iii] Polarization concept and avoidance
1.1.c Explain general network challenges
1.1.c [i] Unicast flooding
1.1.c [ii] Out of order packets
1.1.c [iii] Asymmetric routing
1.1.c [iv] Impact of micro burst
1.1.d Explain IP operations
1.1.d [i] ICMP unreachable, redirect
1.1.d [ii] IPv4 options, IPv6 extension headers
1.1.d [iii] IPv4 and IPv6 fragmentation
1.1.d [iv] TTL
1.1.d [v] IP MTU
1.1.e Explain TCP operations
1.1.e [i] IPv4 and IPv6 PMTU
1.1.e [ii] MSS
1.1.e [iii] Latency
1.1.e [iv] Windowing
1.1.e [v] Bandwidth delay product
1.1.e [vi] Global synchronization
1.1.e [vii] Options
1.1.f Explain UDP operations
1.1.f [i] Starvation
1.1.f [ii] Latency
1.1.f [iii] RTP/RTCP concepts

1.2 Network implementation and operation
1.2.a Evaluate proposed changes to a network
1.2.a [i] Changes to routing protocol parameters
1.2.a [ii] Migrate parts of a network to IPv6
1.2.a [iii] Routing protocol migration
1.2.a [iv] Adding multicast support
1.2.a [v] Migrate spanning tree protocol
1.2.a [vi] Evaluate impact of new traffic on existing QoS design

1.3 Network troubleshooting
1.3.a Use IOS troubleshooting tools
1.3.a [i] debug, conditional debug
1.3.a [ii] ping, traceroute with extended options
1.3.a [iii] Embedded packet capture
1.3.a [iv] Performance monitor
1.3.b Apply troubleshooting methodologies
1.3.b [i] Diagnose the root cause of networking issue [analyze symptoms, identify and describe root cause]
1.3.b [ii] Design and implement valid solutions according to constraints
1.3.b [iii] Verify and monitor resolution
1.3.c Interpret packet capture
1.3.c [i] Using Wireshark trace analyzer
1.3.c [ii] Using IOS embedded packet capture

2.0 Layer 2 Technologies 15%

2.1 LAN switching technologies
2.1.a Implement and troubleshoot switch administration
2.1.a [i] Managing MAC address table
2.1.a [ii] errdisable recovery
2.1.a [iii] L2 MTU
2.1.b Implement and troubleshoot layer 2 protocols
2.1.b [i] CDP, LLDP
2.1.b [ii] UDLD
2.1.c Implement and troubleshoot VLAN
2.1.c [i] Access ports
2.1.c [ii] VLAN database
2.1.c [iii] Normal, extended VLAN, voice VLAN
2.1.d Implement and troubleshoot trunking
2.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
2.1.d [ii] dot1Q
2.1.d [iii] Native VLAN
2.1.d [iv] Manual pruning
2.1.e Implement and troubleshoot EtherChannel
2.1.e [i] LACP, PAgP, manual
2.1.e [ii] Layer 2, layer 3
2.1.e [iii] Load-balancing
2.1.e [iv] Etherchannel misconfiguration guard
2.1.f Implement and troubleshoot spanning-tree
2.1.f [i] PVST+/RPVST+/MST
2.1.f [ii] Switch priority, port priority, path cost, STP timers
2.1.f [iii] port fast, BPDUguard, BPDUfilter
2.1.f [iv] loopguard, rootguard
2.1.g Implement and troubleshoot other LAN switching technologies
2.1.g [i] SPAN, RSPAN, ERSPAN
2.1.h Describe chassis virtualization and aggregation technologies
2.1.h [i] Multichassis
2.1.h [ii] VSS concepts
2.1.h [iii] Alternative to STP
2.1.h [iv] Stackwise
2.1.h [v] Excluding specific platform implementation
2.1.i Describe spanning-tree concepts
2.1.i [i] Compatibility between MST and RSTP
2.1.i [ii] STP dispute, STP bridge assurance

2.2 Layer 2 multicast
2.2.a Implement and troubleshoot IGMP
2.2.a [i] IGMPv1, IGMPv2, IGMPv3
2.2.a [ii] IGMP snooping
2.2.a [iii] IGMP querier
2.2.a [iv] IGMP filter
2.2.a [v] IGMP proxy
2.2.b Explain MLD
2.2.c Explain PIM snooping

2.3 Layer 2 WAN circuit technologies
2.3.a Implement and troubleshoot HDLC
2.3.b Implement and troubleshoot PPP
2.3.b [i] Authentication [PAP, CHAP]
2.3.b [ii] PPPoE
2.3.b [iii] MLPPP
2.3.c Describe WAN rate-based ethernet circuits
2.3.c [i] Metro and WAN Ethernet topologies
2.3.c [ii] Use of rate-limited WAN ethernet services

3.0 Layer 3 Technologies 40%

3.1 Addressing technologies
3.1.a Identify, implement and troubleshoot IPv4 addressing and subnetting
3.1.a [i] Address types, VLSM
3.1.a [ii] ARP
3.1.b Identify, implement and troubleshoot IPv6 addressing and subnetting
3.1.b [i] Unicast, multicast
3.1.b [ii] EUI-64
3.1.b [iii] ND, RS/RA
3.1.b [iv] Autoconfig/SLAAC, temporary addresses [RFC4941]
3.1.b [v] Global prefix configuration feature
3.1.b [vi] DHCP protocol operations
3.1.b [vii] SLAAC/DHCPv6 interaction
3.1.b [viii] Stateful, stateless DHCPv6
3.1.b [ix] DHCPv6 prefix delegation

3.2 Layer 3 multicast
3.2.a Troubleshoot reverse path forwarding
3.2.a [i] RPF failure
3.2.a [ii] RPF failure with tunnel interface
3.2.b Implement and troubleshoot IPv4 protocol independent multicast
3.2.b [i] PIM dense mode, sparse mode, sparse-dense mode
3.2.b [ii] Static RP, auto-RP, BSR
3.2.b [iii] BiDirectional PIM
3.2.b [iv] Source-specific multicast
3.2.b [v] Group to RP mapping
3.2.b [vi] Multicast boundary
3.2.c Implement and troubleshoot multicast source discovery protocol
3.2.c [i] Intra-domain MSDP [anycast RP]
3.2.c [ii] SA filter
3.2.d Describe IPv6 multicast
3.2.d [i] IPv6 multicast addresses
3.2.d [ii] PIMv6

3.3 Fundamental routing concepts
3.3.a Implement and troubleshoot static routing
3.3.b Implement and troubleshoot default routing
3.3.c Compare routing protocol types
3.3.c [i] Distance vector
3.3.c [ii] Link state
3.3.c [iii] Path vector
3.3.d Implement, optimize and troubleshoot administrative distance
3.3.e Implement and troubleshoot passive interface
3.3.f Implement and troubleshoot VRF lite
3.3.g Implement, optimize and troubleshoot filtering with any routing protocol
3.3.h Implement, optimize and troubleshoot redistribution between any routing protocol
3.3.i Implement, optimize and troubleshoot manual and auto summarization with any routing protocol
3.3.j Implement, optimize and troubleshoot policy-based routing
3.3.k Identify and troubleshoot sub-optimal routing
3.3.l Implement and troubleshoot bidirectional forwarding detection
3.3.m Implement and troubleshoot loop prevention mechanisms
3.3.m [i] Route tagging, filtering
3.3.m [ii] Split horizon
3.3.m [iii] Route poisoning
3.3.n Implement and troubleshoot routing protocol authentication
3.3.n [i] MD5
3.3.n [ii] Key-chain
3.3.n [iii] EIGRP HMAC SHA2-256bit
3.3.n [iv] OSPFv2 SHA1-196bit
3.3.n [v] OSPFv3 IPsec authentication

3.4 RIP [v2 and v6]
3.4.a Implement and troubleshoot RIPv2
3.4.b Describe RIPv6 [RIPng]

3.5 EIGRP [for IPv4 and IPv6]
3.5.a Describe packet types
3.5.a [i] Packet types [hello, query, update, and such]
3.5.a [ii] Route types [internal, external]
3.5.b Implement and troubleshoot neighbor relationship
3.5.b [i] Multicast, unicast EIGRP peering
3.5.b [ii] OTP point-to-point peering
3.5.b [iii] OTP route-reflector peering
3.5.b [iv] OTP multiple service providers scenario
3.5.c Implement and troubleshoot loop free path selection
3.5.c [i] RD, FD, FC, successor, feasible successor
3.5.c [ii] Classic metric
3.5.c [iii] Wide metric
3.5.d Implement and troubleshoot operations
3.5.d [i] General operations
3.5.d [ii] Topology table, update, query, active, passive
3.5.d [iii] Stuck in active
3.5.d [iv] Graceful shutdown
3.5.e Implement and troubleshoot EIGRP stub
3.5.e [i] Stub
3.5.e [ii] Leak-map
3.5.f Implement and troubleshoot load-balancing
3.5.f [i] equal-cost
3.5.f [ii] unequal-cost
3.5.f [iii] add-path
3.5.g Implement EIGRP [multi-address] named mode
3.5.g [i] Types of families
3.5.g [ii] IPv4 address-family
3.5.g [iii] IPv6 address-family
3.5.h Implement, troubleshoot and optimize EIGRP convergence and scalability
3.5.h [i] Describe fast convergence requirements
3.5.h [ii] Control query boundaries
3.5.h [iii] IP FRR/fast reroute [single hop]
3.5.h [iv] Summary leak-map
3.5.h [v] Summary metric

3.6 OSPF [v2 and v3]
3.6.a Describe packet types
3.6.a [i] LSA types [1, 2, 3, 4, 5, 7, 9]
3.6.a [ii] Route types [N1, N2, E1, E2]
3.6.b Implement and troubleshoot neighbor relationship
3.6.c Implement and troubleshoot OSPFv3 address-family support
3.6.c [i] IPv4 address-family
3.6.c [ii] IPv6 address-family
3.6.d Implement and troubleshoot network types, area types and router types
3.6.d [i] Point-to-point, multipoint, broadcast, non-broadcast
3.6.d [ii] LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.6.d [iii] Internal router, ABR, ASBR
3.6.d [iv] Virtual link
3.6.e Implement and troubleshoot path preference
3.6.f Implement and troubleshoot operations
3.6.f [i] General operations
3.6.f [ii] Graceful shutdown
3.6.f [iii] GTSM [Generic TTL Security Mechanism]
3.6.g Implement, troubleshoot and optimize OSPF convergence and scalability
3.6.g [i] Metrics
3.6.g [ii] LSA throttling, SPF tuning, fast hello
3.6.g [iii] LSA propagation control [area types, ISPF]
3.6.g [iv] IP FRR/fast reroute [single hop]
3.6.g [v] LFA/loop-free alternative [multi hop]
3.6.g [vi] OSPFv3 prefix suppression

3.7 BGP
3.7.a Describe, implement and troubleshoot peer relationships
3.7.a [i] Peer-group, template
3.7.a [ii] Active, passive
3.7.a [iii] States, timers
3.7.a [iv] Dynamic neighbors
3.7.b Implement and troubleshoot IBGP and EBGP
3.7.b [i] EBGP, IBGP
3.7.b [ii] 4 bytes AS number
3.7.b [iii] Private AS
3.7.c Explain attributes and best-path selection
3.7.d Implement, optimize and troubleshoot routing policies
3.7.d [i] Attribute manipulation
3.7.d [ii] Conditional advertisement
3.7.d [iii] Outbound route filtering
3.7.d [iv] Communities, extended communities
3.7.d [v] Multi-homing
3.7.e Implement and troubleshoot scalability
3.7.e [i] Route-reflector, cluster
3.7.e [ii] Confederations
3.7.e [iii] Aggregation, AS set
3.7.f Implement and troubleshoot multiprotocol BGP
3.7.f [i] IPv4, IPv6, VPN address-family
3.7.g Implement and troubleshoot AS path manipulations
3.7.g [i] Local AS, allow AS in, remove private AS
3.7.g [ii] Prepend
3.7.g [iii] Regexp
3.7.h Implement and troubleshoot other features
3.7.h [i] Multipath
3.7.h [ii] BGP synchronization
3.7.h [iii] Soft reconfiguration, route refresh
3.7.i Describe BGP fast convergence features
3.7.i [i] Prefix independent convergence
3.7.i [ii] Add-path
3.7.i [iii] Next-hop address tracking

3.8 ISIS [for IPv4 and IPv6]
3.8.a Describe basic ISIS network
3.8.a [i] Single area, single topology
3.8.b Describe neighbor relationship
3.8.c Describe network types, levels and router types
3.8.c [i] NSAP addressing
3.8.c [ii] Point-to-point, broadcast
3.8.d Describe operations
3.8.e Describe optimization features
3.8.e [i] Metrics, wide metric

4.0 VPN Technologies 15%

4.1 Tunneling
4.1.a Implement and troubleshoot MPLS operations
4.1.a [i] Label stack, LSR, LSP
4.1.a [ii] LDP
4.1.a [iii] MPLS ping, MPLS traceroute
4.1.b Implement and troubleshoot basic MPLS L3VPN
4.1.b [i] L3VPN, CE, PE, P
4.1.b [ii] Extranet [route leaking]
4.1.c Implement and troubleshoot encapsulation
4.1.c [i] GRE
4.1.c [ii] Dynamic GRE
4.1.c [iii] LISP encapsulation principles supporting EIGRP OTP
4.1.d Implement and troubleshoot DMVPN [single hub]
4.1.d [i] NHRP
4.1.d [ii] DMVPN with IPsec using preshared key
4.1.d [iii] QoS profile
4.1.d [iv] Pre-classify
4.1.e Describe IPv6 tunneling techniques
4.1.e [i] 6in4, 6to4
4.1.e [ii] ISATAP
4.1.e [iii] 6RD
4.1.e [iv] 6PE/6VPE
4.1.g Describe basic layer 2 VPN — wireline
4.1.g [i] L2TPv3 general principles
4.1.g [ii] ATOM general principles
4.1.h Describe basic L2VPN — LAN services
4.1.h [i] MPLS-VPLS general principles
4.1.h [ii] OTV general principles

4.2 Encryption
4.2.a Implement and troubleshoot IPsec with preshared key
4.2.a [i] IPv4 site to IPv4 site
4.2.a [ii] IPv6 in IPv4 tunnels
4.2.a [iii] Virtual tunneling Interface [VTI]
4.2.b Describe GET VPN

5.0 Infrastructure Security 5%

5.1 Device security
5.1.a Implement and troubleshoot IOS AAA using local database
5.1.b Implement and troubleshoot device access control
5.1.b [i] Lines [VTY, AUX, console]
5.1.b [ii] SNMP
5.1.b [iii] Management plane protection
5.1.b [iv] Password encryption
5.1.c Implement and troubleshoot control plane policing
5.1.d Describe device security using IOS AAA with TACACS+ and RADIUS
5.1.d [i] AAA with TACACS+ and RADIUS
5.1.d [ii] Local privilege authorization fallback

5.2 Network security
5.2.a Implement and troubleshoot switch security features
5.2.a [i] VACL, PACL
5.2.a [ii] Stormcontrol
5.2.a [iii] DHCP snooping
5.2.a [iv] IP source-guard
5.2.a [v] Dynamic ARP inspection
5.2.a [vi] port-security
5.2.a [vii] Private VLAN
5.2.b Implement and troubleshoot router security features
5.2.b [i] IPv4 access control lists [standard, extended, time-based]
5.2.b [ii] IPv6 traffic filter
5.2.b [iii] Unicast reverse path forwarding
5.2.c Implement and troubleshoot IPv6 first hop security
5.2.c [i] RA guard
5.2.c [ii] DHCP guard
5.2.c [iii] Binding table
5.2.c [iv] Device tracking
5.2.c [v] ND inspection/snooping
5.2.c [vii] Source guard
5.2.c [viii] PACL
5.2.d Describe 802.1x
5.2.d [i] 802.1x, EAP, RADIUS
5.2.d [ii] MAC authentication bypass

6.0 Infrastructure Services 15%

6.1 System management
6.1.a Implement and troubleshoot device management
6.1.a [i] Console and VTY
6.1.a [ii] telnet, HTTP, HTTPS, SSH, SCP
6.1.a [iii] [T]FTP
6.1.b Implement and troubleshoot SNMP
6.1.b [i] v2c, v3
6.1.c Implement and troubleshoot logging
6.1.c [i] Local logging, syslog, debug, conditional debug
6.1.c [ii] Timestamp

6.2 Quality of service
6.2.a Implement and troubleshoot end-to-end QoS
6.2.a [i] CoS and DSCP mapping
6.2.b Implement, optimize and troubleshoot QoS using MQC
6.2.b [i] Classification
6.2.b [ii] Network based application recognition [NBAR]
6.2.b [iii] Marking using IP precedence, DSCP, CoS, ECN
6.2.b [iv] Policing, shaping
6.2.b [v] Congestion management [queuing]
6.2.b [vi] HQoS, sub-rate ethernet link
6.2.b [vii] Congestion avoidance [WRED]
6.2.c Describe layer 2 QoS
6.2.c [i] Queuing, scheduling
6.2.c [ii] Classification, marking

6.3 Network services
6.3.a Implement and troubleshoot first-hop redundancy protocols
6.3.a [i] HSRP, GLBP, VRRP
6.3.a [ii] Redundancy using IPv6 RS/RA
6.3.b Implement and troubleshoot network time protocol
6.3.b [i] NTP master, client, version 3, version 4
6.3.b [ii] NTP Authentication
6.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
6.3.c [i] DHCP client, IOS DHCP server, DHCP relay
6.3.c [ii] DHCP options
6.3.c [iii] DHCP protocol operations
6.3.c [iv] SLAAC/DHCPv6 interaction
6.3.c [v] Stateful, stateless DHCPv6
6.3.c [vi] DHCPv6 prefix delegation
6.3.d Implement and troubleshoot IPv4 network address translation
6.3.d [i] Static NAT, dynamic NAT, policy-based NAT, PAT
6.3.d [ii] NAT ALG
6.3.e Describe IPv6 network address translation
6.3.e [i] NAT64
6.3.e [ii] NPTv6

6.4 Network optimization
6.4.a Implement and troubleshoot IP SLA
6.4.a [i] ICMP, UDP, Jitter, VoIP
6.4.b Implement and troubleshoot tracking object
6.4.b [i] Tracking object, tracking list
6.4.b [ii] Tracking different entities [e.g. interfaces, routes, IPSLA, and such]
6.4.c Implement and troubleshoot netflow
6.4.c [i] Netflow v5, v9
6.4.c [ii] Local retrieval
6.4.c [iii] Export [configuration only]
6.4.d Implement and troubleshoot embedded event manager
6.4.d [i] EEM policy using applet
6.4.e Identify performance routing [PfR]
6.4.e [i] Basic load balancing
6.4.e [ii] Voice optimization

CCIE Routing and Switching Written Exam (400-101) Version 5.1

Exam Description
The Cisco CCIE® Routing and Switching Written Exam [400-101] version 5.1 is a 2-hour test with 90−110 questions that will validate that professionals have the expertise to: configure, validate, and troubleshoot complex enterprise network infrastructure; understand how infrastructure components interoperate; and translate functional requirements into specific device configurations. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Routing and Switching Written Exam Topics v5.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

1.0 Network Principles 10%

1.1 Network theory
1.1.a Describe basic software architecture differences between IOS and IOS XE
1.1.a [i] Control plane and Forwarding plane
1.1.a [ii] Impact to troubleshooting and performances
1.1.a [iii] Excluding specific platform’s architecture
1.1.b Identify Cisco express forwarding concepts
1.1.b [i] RIB, FIB, LFIB, Adjacency table
1.1.b [ii] Load balancing Hash
1.1.b [iii] Polarization concept and avoidance
1.1.c Explain general network challenges
1.1.c [i] Unicast flooding
1.1.c [ii] Out of order packets
1.1.c [iii] Asymmetric routing
1.1.c [iv] Impact of micro burst
1.1.d Explain IP operations
1.1.d [i] ICMP unreachable, redirect
1.1.d [ii] IPv4 options, IPv6 extension headers
1.1.d [iii] IPv4 and IPv6 fragmentation
1.1.d [iv] TTL
1.1.d [v] IP MTU
1.1.e Explain TCP operations
1.1.e [i] IPv4 and IPv6 PMTU
1.1.e [ii] MSS
1.1.e [iii] Latency
1.1.e [iv] Windowing
1.1.e [v] Bandwidth delay product
1.1.e [vi] Global synchronization
1.1.e [vii] Options
1.1.f Explain UDP operations
1.1.f [i] Starvation
1.1.f [ii] Latency
1.1.f [iii] RTP/RTCP concepts

1.2 Network implementation and operation
1.2.a Evaluate proposed changes to a network
1.2.a [i] Changes to routing protocol parameters
1.2.a [ii] Migrate parts of a network to IPv6
1.2.a [iii] Routing protocol migration
1.2.a [iv] Adding multicast support
1.2.a [v] Migrate spanning tree protocol
1.2.a [vi] Evaluate impact of new traffic on existing QoS design

1.3 Network troubleshooting
1.3.a Use IOS troubleshooting tools
1.3.a [i] debug, conditional debug
1.3.a [ii] ping, traceroute with extended options
1.3.a [iii] Embedded packet capture
1.3.a [iv] Performance monitor
1.3.b Apply troubleshooting methodologies
1.3.b [i] Diagnose the root cause of networking issue [analyze symptoms, identify and describe root cause]
1.3.b [ii] Design and implement valid solutions according to constraints
1.3.b [iii] Verify and monitor resolution
1.3.c Interpret packet capture
1.3.c [i] Using Wireshark trace analyzer
1.3.c [ii] Using IOS embedded packet capture

2.0 Layer 2 Technologies 13%

2.1 LAN switching technologies
2.1.a Implement and troubleshoot switch administration
2.1.a [i] Managing MAC address table
2.1.a [ii] errdisable recovery
2.1.a [iii] L2 MTU
2.1.b Implement and troubleshoot layer 2 protocols
2.1.b [i] CDP, LLDP
2.1.b [ii] UDLD
2.1.c Implement and troubleshoot VLAN
2.1.c [i] Access ports
2.1.c [ii] VLAN database
2.1.c [iii] Normal, extended VLAN, voice VLAN
2.1.d Implement and troubleshoot trunking
2.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
2.1.d [ii] dot1Q
2.1.d [iii] Native VLAN
2.1.d [iv] Manual pruning
2.1.e Implement and troubleshoot EtherChannel
2.1.e [i] LACP, PAgP, manual
2.1.e [ii] Layer 2, layer 3
2.1.e [iii] Load-balancing
2.1.e [iv] Etherchannel misconfiguration guard
2.1.f Implement and troubleshoot spanning-tree
2.1.f [i] PVST+/RPVST+/MST
2.1.f [ii] Switch priority, port priority, path cost, STP timers
2.1.f [iii] port fast, BPDUguard, BPDUfilter
2.1.f [iv] loopguard, rootguard
2.1.g Implement and troubleshoot other LAN switching technologies
2.1.g [i] SPAN, RSPAN, ERSPAN
2.1.h Describe chassis virtualization and aggregation technologies
2.1.h [i] Multichassis
2.1.h [ii] VSS concepts
2.1.h [iii] Alternative to STP
2.1.h [iv] Stackwise
2.1.h [v] Excluding specific platform implementation
2.1.i Describe spanning-tree concepts
2.1.i [i] Compatibility between MST and RSTP
2.1.i [ii] STP dispute, STP bridge assurance

2.2 Layer 2 multicast
2.2.a Implement and troubleshoot IGMP
2.2.a [i] IGMPv1, IGMPv2, IGMPv3
2.2.a [ii] IGMP snooping
2.2.a [iii] IGMP querier
2.2.a [iv] IGMP filter
2.2.a [v] IGMP proxy
2.2.b Explain MLD
2.2.c Explain PIM snooping

2.3 Layer 2 WAN circuit technologies
2.3.a Implement and troubleshoot HDLC
2.3.b Implement and troubleshoot PPP
2.3.b [i] Authentication [PAP, CHAP]
2.3.b [ii] PPPoE
2.3.b [iii] MLPPP
2.3.c Describe WAN rate-based ethernet circuits
2.3.c [i] Metro and WAN Ethernet topologies
2.3.c [ii] Use of rate-limited WAN ethernet services

3.0 Layer 3 Technologies 37%

3.1 Addressing technologies
3.1.a Identify, implement and troubleshoot IPv4 addressing and subnetting
3.1.a [i] Address types, VLSM
3.1.a [ii] ARP
3.1.b Identify, implement and troubleshoot IPv6 addressing and subnetting
3.1.b [i] Unicast, multicast
3.1.b [ii] EUI-64
3.1.b [iii] ND, RS/RA
3.1.b [iv] Autoconfig/SLAAC, temporary addresses [RFC4941]
3.1.b [v] Global prefix configuration feature
3.1.b [vi] DHCP protocol operations
3.1.b [vii] SLAAC/DHCPv6 interaction
3.1.b [viii] Stateful, stateless DHCPv6
3.1.b [ix] DHCPv6 prefix delegation

3.2 Layer 3 multicast
3.2.a Troubleshoot reverse path forwarding
3.2.a [i] RPF failure
3.2.a [ii] RPF failure with tunnel interface
3.2.b Implement and troubleshoot IPv4 protocol independent multicast
3.2.b [i] PIM dense mode, sparse mode, sparse-dense mode
3.2.b [ii] Static RP, auto-RP, BSR
3.2.b [iii] BiDirectional PIM
3.2.b [iv] Source-specific multicast
3.2.b [v] Group to RP mapping
3.2.b [vi] Multicast boundary
3.2.c Implement and troubleshoot multicast source discovery protocol
3.2.c [i] Intra-domain MSDP [anycast RP]
3.2.c [ii] SA filter
3.2.d Describe IPv6 multicast
3.2.d [i] IPv6 multicast addresses
3.2.d [ii] PIMv6

3.3 Fundamental routing concepts
3.3.a Implement and troubleshoot static routing
3.3.b Implement and troubleshoot default routing
3.3.c Compare routing protocol types
3.3.c [i] Distance vector
3.3.c [ii] Link state
3.3.c [iii] Path vector
3.3.d Implement, optimize and troubleshoot administrative distance
3.3.e Implement and troubleshoot passive interface
3.3.f Implement and troubleshoot VRF lite
3.3.g Implement, optimize and troubleshoot filtering with any routing protocol
3.3.h Implement, optimize and troubleshoot redistribution between any routing protocol
3.3.i Implement, optimize and troubleshoot manual and auto summarization with any routing protocol
3.3.j Implement, optimize and troubleshoot policy-based routing
3.3.k Identify and troubleshoot sub-optimal routing
3.3.l Implement and troubleshoot bidirectional forwarding detection
3.3.m Implement and troubleshoot loop prevention mechanisms
3.3.m [i] Route tagging, filtering
3.3.m [ii] Split horizon
3.3.m [iii] Route poisoning
3.3.n Implement and troubleshoot routing protocol authentication
3.3.n [i] MD5
3.3.n [ii] Key-chain
3.3.n [iii] EIGRP HMAC SHA2-256bit
3.3.n [iv] OSPFv2 SHA1-196bit
3.3.n [v] OSPFv3 IPsec authentication

3.4 RIP [v2 and v6]
3.4.a Implement and troubleshoot RIPv2
3.4.b Describe RIPv6 [RIPng]

3.5 EIGRP [for IPv4 and IPv6]
3.5.a Describe packet types
3.5.a [i] Packet types [hello, query, update, and such]
3.5.a [ii] Route types [internal, external]
3.5.b Implement and troubleshoot neighbor relationship
3.5.b [i] Multicast, unicast EIGRP peering
3.5.b [ii] OTP point-to-point peering
3.5.b [iii] OTP route-reflector peering
3.5.b [iv] OTP multiple service providers scenario
3.5.c Implement and troubleshoot loop free path selection
3.5.c [i] RD, FD, FC, successor, feasible successor
3.5.c [ii] Classic metric
3.5.c [iii] Wide metric
3.5.d Implement and troubleshoot operations
3.5.d [i] General operations
3.5.d [ii] Topology table, update, query, active, passive
3.5.d [iii] Stuck in active
3.5.d [iv] Graceful shutdown
3.5.e Implement and troubleshoot EIGRP stub
3.5.e [i] Stub
3.5.e [ii] Leak-map
3.5.f Implement and troubleshoot load-balancing
3.5.f [i] equal-cost
3.5.f [ii] unequal-cost
3.5.f [iii] add-path
3.5.g Implement EIGRP [multi-address] named mode
3.5.g [i] Types of families
3.5.g [ii] IPv4 address-family
3.5.g [iii] IPv6 address-family
3.5.h Implement, troubleshoot and optimize EIGRP convergence and scalability
3.5.h [i] Describe fast convergence requirements
3.5.h [ii] Control query boundaries
3.5.h [iii] IP FRR/fast reroute [single hop]
3.5.h [iv] Summary leak-map
3.5.h [v] Summary metric

3.6 OSPF [v2 and v3]
3.6.a Describe packet types
3.6.a [i] LSA types [1, 2, 3, 4, 5, 7, 9]
3.6.a [ii] Route types [N1, N2, E1, E2]
3.6.b Implement and troubleshoot neighbor relationship
3.6.c Implement and troubleshoot OSPFv3 address-family support
3.6.c [i] IPv4 address-family
3.6.c [ii] IPv6 address-family
3.6.d Implement and troubleshoot network types, area types and router types
3.6.d [i] Point-to-point, multipoint, broadcast, non-broadcast
3.6.d [ii] LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.6.d [iii] Internal router, ABR, ASBR
3.6.d [iv] Virtual link
3.6.e Implement and troubleshoot path preference
3.6.f Implement and troubleshoot operations
3.6.f [i] General operations
3.6.f [ii] Graceful shutdown
3.6.f [iii] GTSM [Generic TTL Security Mechanism]
3.6.g Implement, troubleshoot and optimize OSPF convergence and scalability
3.6.g [i] Metrics
3.6.g [ii] LSA throttling, SPF tuning, fast hello
3.6.g [iii] LSA propagation control [area types, ISPF]
3.6.g [iv] IP FRR/fast reroute [single hop]
3.6.g [v] LFA/loop-free alternative [multi hop]
3.6.g [vi] OSPFv3 prefix suppression

3.7 BGP
3.7.a Describe, implement and troubleshoot peer relationships
3.7.a [i] Peer-group, template
3.7.a [ii] Active, passive
3.7.a [iii] States, timers
3.7.a [iv] Dynamic neighbors
3.7.b Implement and troubleshoot IBGP and EBGP
3.7.b [i] EBGP, IBGP
3.7.b [ii] 4 bytes AS number
3.7.b [iii] Private AS
3.7.c Explain attributes and best-path selection
3.7.d Implement, optimize and troubleshoot routing policies
3.7.d [i] Attribute manipulation
3.7.d [ii] Conditional advertisement
3.7.d [iii] Outbound route filtering
3.7.d [iv] Communities, extended communities
3.7.d [v] Multi-homing
3.7.e Implement and troubleshoot scalability
3.7.e [i] Route-reflector, cluster
3.7.e [ii] Confederations
3.7.e [iii] Aggregation, AS set
3.7.f Implement and troubleshoot multiprotocol BGP
3.7.f [i] IPv4, IPv6, VPN address-family
3.7.g Implement and troubleshoot AS path manipulations
3.7.g [i] Local AS, allow AS in, remove private AS
3.7.g [ii] Prepend
3.7.g [iii] Regexp
3.7.h Implement and troubleshoot other features
3.7.h [i] Multipath
3.7.h [ii] BGP synchronization
3.7.h [iii] Soft reconfiguration, route refresh
3.7.i Describe BGP fast convergence features
3.7.i [i] Prefix independent convergence
3.7.i [ii] Add-path
3.7.i [iii] Next-hop address tracking

3.8 ISIS [for IPv4 and IPv6]
3.8.a Describe basic ISIS network
3.8.a [i] Single area, single topology
3.8.b Describe neighbor relationship
3.8.c Describe network types, levels and router types
3.8.c [i] NSAP addressing
3.8.c [ii] Point-to-point, broadcast
3.8.d Describe operations
3.8.e Describe optimization features
3.8.e [i] Metrics, wide metric

4.0 VPN Technologies 13%

4.1 Tunneling
4.1.a Implement and troubleshoot MPLS operations
4.1.a [i] Label stack, LSR, LSP
4.1.a [ii] LDP
4.1.a [iii] MPLS ping, MPLS traceroute
4.1.b Implement and troubleshoot basic MPLS L3VPN
4.1.b [i] L3VPN, CE, PE, P
4.1.b [ii] Extranet [route leaking]
4.1.c Implement and troubleshoot encapsulation
4.1.c [i] GRE
4.1.c [ii] Dynamic GRE
4.1.c [iii] LISP encapsulation principles supporting EIGRP OTP
4.1.d Implement and troubleshoot DMVPN [single hub]
4.1.d [i] NHRP
4.1.d [ii] DMVPN with IPsec using preshared key
4.1.d [iii] QoS profile
4.1.d [iv] Pre-classify
4.1.e Describe IPv6 tunneling techniques
4.1.e [i] 6in4, 6to4
4.1.e [ii] ISATAP
4.1.e [iii] 6RD
4.1.e [iv] 6PE/6VPE
4.1.g Describe basic layer 2 VPN — wireline
4.1.g [i] L2TPv3 general principles
4.1.g [ii] ATOM general principles
4.1.h Describe basic L2VPN — LAN services
4.1.h [i] MPLS-VPLS general principles
4.1.h [ii] OTV general principles

4.2 Encryption
4.2.a Implement and troubleshoot IPsec with preshared key
4.2.a [i] IPv4 site to IPv4 site
4.2.a [ii] IPv6 in IPv4 tunnels
4.2.a [iii] Virtual tunneling Interface [VTI]
4.2.b Describe GET VPN

5.0 Infrastructure Security 5%

5.1 Device security
5.1.a Implement and troubleshoot IOS AAA using local database
5.1.b Implement and troubleshoot device access control
5.1.b [i] Lines [VTY, AUX, console]
5.1.b [ii] SNMP
5.1.b [iii] Management plane protection
5.1.b [iv] Password encryption
5.1.c Implement and troubleshoot control plane policing
5.1.d Describe device security using IOS AAA with TACACS+ and RADIUS
5.1.d [i] AAA with TACACS+ and RADIUS
5.1.d [ii] Local privilege authorization fallback

5.2 Network security
5.2.a Implement and troubleshoot switch security features
5.2.a [i] VACL, PACL
5.2.a [ii] Stormcontrol
5.2.a [iii] DHCP snooping
5.2.a [iv] IP source-guard
5.2.a [v] Dynamic ARP inspection
5.2.a [vi] port-security
5.2.a [vii] Private VLAN
5.2.b Implement and troubleshoot router security features
5.2.b [i] IPv4 access control lists [standard, extended, time-based]
5.2.b [ii] IPv6 traffic filter
5.2.b [iii] Unicast reverse path forwarding
5.2.c Implement and troubleshoot IPv6 first hop security
5.2.c [i] RA guard
5.2.c [ii] DHCP guard
5.2.c [iii] Binding table
5.2.c [iv] Device tracking
5.2.c [v] ND inspection/snooping
5.2.c [vii] Source guard
5.2.c [viii] PACL
5.2.d Describe 802.1x
5.2.d [i] 802.1x, EAP, RADIUS
5.2.d [ii] MAC authentication bypass

6.0 Infrastructure Services 12%

6.1 System management
6.1.a Implement and troubleshoot device management
6.1.a [i] Console and VTY
6.1.a [ii] telnet, HTTP, HTTPS, SSH, SCP
6.1.a [iii] [T]FTP
6.1.b Implement and troubleshoot SNMP
6.1.b [i] v2c, v3
6.1.c Implement and troubleshoot logging
6.1.c [i] Local logging, syslog, debug, conditional debug
6.1.c [ii] Timestamp

6.2 Quality of service
6.2.a Implement and troubleshoot end-to-end QoS
6.2.a [i] CoS and DSCP mapping
6.2.b Implement, optimize and troubleshoot QoS using MQC
6.2.b [i] Classification
6.2.b [ii] Network based application recognition [NBAR]
6.2.b [iii] Marking using IP precedence, DSCP, CoS, ECN
6.2.b [iv] Policing, shaping
6.2.b [v] Congestion management [queuing]
6.2.b [vi] HQoS, sub-rate ethernet link
6.2.b [vii] Congestion avoidance [WRED]
6.2.c Describe layer 2 QoS
6.2.c [i] Queuing, scheduling
6.2.c [ii] Classification, marking

6.3 Network services
6.3.a Implement and troubleshoot first-hop redundancy protocols
6.3.a [i] HSRP, GLBP, VRRP
6.3.a [ii] Redundancy using IPv6 RS/RA
6.3.b Implement and troubleshoot network time protocol
6.3.b [i] NTP master, client, version 3, version 4
6.3.b [ii] NTP Authentication
6.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
6.3.c [i] DHCP client, IOS DHCP server, DHCP relay
6.3.c [ii] DHCP options
6.3.c [iii] DHCP protocol operations
6.3.c [iv] SLAAC/DHCPv6 interaction
6.3.c [v] Stateful, stateless DHCPv6
6.3.c [vi] DHCPv6 prefix delegation
6.3.d Implement and troubleshoot IPv4 network address translation
6.3.d [i] Static NAT, dynamic NAT, policy-based NAT, PAT
6.3.d [ii] NAT ALG
6.3.e Describe IPv6 network address translation
6.3.e [i] NAT64
6.3.e [ii] NPTv6

6.4 Network optimization
6.4.a Implement and troubleshoot IP SLA
6.4.a [i] ICMP, UDP, Jitter, VoIP
6.4.b Implement and troubleshoot tracking object
6.4.b [i] Tracking object, tracking list
6.4.b [ii] Tracking different entities [e.g. interfaces, routes, IPSLA, and such]
6.4.c Implement and troubleshoot netflow
6.4.c [i] Netflow v5, v9
6.4.c [ii] Local retrieval
6.4.c [iii] Export [configuration only]
6.4.d Implement and troubleshoot embedded event manager
6.4.d [i] EEM policy using applet
6.4.e Identify performance routing [PfR]
6.4.e [i] Basic load balancing
6.4.e [ii] Voice optimization

7.0 Evolving Technologies 10%

7.1 Cloud
7.1.a Compare and contrast Cloud deployment models
7.1.a [i] Infrastructure, platform, and software services [XaaS]
7.1.a [ii] Performance and reliability
7.1.a [iii] Security and privacy
7.1.a [iv] Scalability and interoperability
7.1.b Describe Cloud implementations and operations
7.1.b [i] Automation and orchestration
7.1.b [ii] Workload mobility
7.1.b [iii] Troubleshooting and management
7.1.b [iv] OpenStack components

7.2 Network programmability [SDN]
7.2.a Describe functional elements of network programmability [SDN] and how they interact
7.2.a [i] Controllers
7.2.a [ii] APIs
7.2.a [iii] Scripting
7.2.a [iv] Agents
7.2.a [v] Northbound vs. Southbound protocols
7.2.b Describe aspects of virtualization and automation in network environments
7.2.b [i] DevOps methodologies, tools and workflows
7.2.b [ii] Network/application function virtualization [NFV, AFV]
7.2.b [iii] Service function chaining
7.2.b [iv] Performance, availability, and scaling considerations

7.3 Internet of Things
7.3.a Describe architectural framework and deployment considerations for Internet of Things [IoT]
7.3.a [i] Performance, reliability and scalability
7.3.a [ii] Mobility
7.3.a [iii] Security and privacy
7.3.a [iv] Standards and compliance
7.3.a [v] Migration
7.3.a [vi] Environmental impacts on the network


QUESTION 1
Which regular expression will match prefixes that originated from AS200?

A. ^$
B. ^200_
C. _200$
D. ^200)
E. _200_

Answer: C

Explanation:
Example of how to deny all prefixes originated in Autonomous System 200:
router bgp 100
 neighbor 10.1.1.1 remote-as 65535
 neighbor 10.1.1.1 route-map map1 in
!
route-map map1 permit 10
 match as-path 5
!
ip as-path access-list 5 deny _200$
ip as-path access-list 5 permit .*
Reference: http://www.cisco.com/c/en/us/td/docs/ios/termserv/configuration/guide/12_4t/tsv_12_4t_book/tsv_reg_express.html


QUESTION 2
Which two actions can you take to allow the greatest number of pertinent packets to be stored in the temporary buffer of Cisco IOS Embedded Packet Capture? (Choose two.)

A. Specify the sampling interval.
B. Specify the capture buffer type.
C. Specify a reflexive ACL.
D. Specify the minimum packet capture rate.
E. Specify the packet size.
F. Store the capture simultaneously onto an external memory card as the capture occurs.

Answer: A,B

Explanation:
Embedded Packet Capture (EPC) provides an embedded systems management facility that helps in tracing and troubleshooting packets. This feature allows network administrators to capture data packets flowing through, to, and from a Cisco device. The network administrator may define the capture buffer size and type (circular, or linear) and the maximum number of bytes of each packet to capture. The packet capture rate can be throttled using further administrative controls. For example, options allow for filtering the packets to be captured using an Access Control List and, optionally, further defined by specifying a maximum packet capture rate or by specifying a sampling interval.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epc-xe-3s-asr1000-book/nm-packet-capture-xe.html


QUESTION 3
Which BGP feature enables you to install a backup path in the forwarding table?

A. soft reconfiguration
B. prefix independent convergence
C. route refresh
D. synchronization

Answer: B

Explanation:
To install a backup path into the forwarding table and provide prefix independent convergence (PIC) in case of a PE-CE link failure, use the additional-paths install backup command in an appropriate address family configuration mode. To prevent installing the backup path, use the no form of this command. To disable prefix independent convergence, use the disable keyword.
Reference: http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-2/routing/command/reference/b_routing_cr42crs/b_routing_cr42crs_chapter_01.html


QUESTION 4
What are the minimal configuration steps that are required to configure EIGRP HMAC-SHA2 authentication?

A. classic router mode, interface XX, authentication mode hmac-sha-256 <password>
B. named router mode, address-family statement, authentication mode hmac-sha-256 <password>
C. named router mode, address-family statement, af-interface default, authentication mode hmac-sha-256 <password>
D. named router mode, address-family statement, authentication mode hmac-sha-256 <password>

Answer: C

Explanation:
The example below shows how to configure EIGRP HMAC-SHA2 on a Cisco router:
Device(config)# router eigrp name1
Device(config-router)# address-family ipv4 autonomous-system 45000
Device(config-router-af)# af-interface ethernet 0/0
Device(config-router-af-interface)# authentication mode hmac-sha-256 0 password1
Device(config-router-af-interface)# end
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-sy/ire-15-sy-book/ire-sha-256.html


QUESTION 5
Which two statements about the OSPF two-way neighbor state are true? (Choose two.)

A. Each neighbor receives its own router ID in a hello packet from the other neighbor.
B. Each neighbor receives a hello message from the other neighbor.
C. It is valid only on NBMA networks.
D. It is valid only on point-to-point networks.
E. Each neighbor receives an acknowledgement of its own hello packet from the other neighbor.
F. Each neighbor receives the router ID of the other neighbor in a hello packet from the other neighbor.

Answer: A,E


400-051 CCIE Collaboration Written Exam Topics v1.0 and Version 1.1

Exam Number: 400-051 CCIE Collaboration
Associated Certifications: CCIE Collaboration
Duration: 120 minutes (90 – 110 questions)
Available Languages: English
Register: Pearson VUE

This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks.

Written Exam Topics v1.0 (Recommended for candidates scheduled to take the test BEFORE July 25, 2016)

Written Exam Topics v1.1 (Recommended for candidates scheduled to take the test ON July 25, 2016 and beyond)

Exam Description
The Cisco CCIE® Collaboration Written Exam (400-051) version 1.0 has 90-110 questions and is 2 hours in duration. This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks. The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Collaboration Written Exam Topics v1.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Cisco Collaboration Infrastructure 10%

1.1 Cisco UC Deployment Models

1.2 User management

1.3 IP routing in Cisco Collaboration Solutions

1.4 Virtualization in Cisco Collaboration Solutions

1.4.a UCS
1.4.b VMware
1.4.c Answer files

1.5 Wireless in Cisco Collaboration Solutions

1.6 Network services

1.6.a DNS
1.6.b DHCP
1.6.c TFTP
1.6.d NTP
1.6.e CDP/LLDP

1.7 PoE

1.8 Voice and data VLAN

1.9 IP multicast

1.10 IPv6

2.0 Telephony Standards and Protocols 15%

2.1 SCCP

2.1.a Call flows
2.1.b Call states
2.1.c Endpoint types

2.2 MGCP

2.2.a Call flows
2.2.b Call states
2.2.c Endpoint types

2.3 SIP

2.3.a Call flows
2.3.b Call states
2.3.c DP
2.3.d BFCP

2.4 H.323 and RAS

2.4.a Call flows
2.4.b Call states
2.4.c Gatekeeper
2.4.d H.239

2.5 Voice and video CODECs

2.5.a H.264
2.5.b ILBC
2.5.c ISAC
2.5.d LATM
2.5.e G.722
2.5.f Wide band

2.6 RTP, RTCP, and SRTP

3.0 Cisco Unified Communications Manager (CUCM) 25%

3.1 Device registration and redundancy

3.2 Device settings

3.3 Codec selection

3.4 Call features

3.4.a Call park
3.4.b Call pickup
3.4.c BLF speed dials
3.4.d Native call queuing
3.4.e Call hunting
3.4.f Meet-Me

3.5 Dial plan

3.5.a Globalized call routing
3.5.b Local route group
3.5.c Time-of-day routing
3.5.d Application dial rules
3.5.e Digit manipulations

3.6 Media resources

3.6.a TRP
3.6.b MOH
3.6.c CFB
3.6.d Transcoder and MTP
3.6.e Annunciator
3.6.f MRG and MRGL

3.7 CUCM mobility

3.7.a EM/EMCC
3.7.b Device Mobility
3.7.c Mobile Connect
3.7.d MVA

3.8 CUCM serviceability and OS administration

3.8.a Database replication
3.8.b CDR
3.8.c Service activation
3.8.d CMR

3.9 CUCM disaster recovery

3.10 ILS/URI dialing

3.10.a Directory URI
3.10.b ISL topology
3.10.c Blended addressing

3.11 Call Admission Control

3.11.a CAC/ELCAC
3.11.b RSVP
3.11.c SIP preconditions

3.12 SIP and H.323 trunks

3.12.a SIP trunks
3.12.b H.323 trunks
3.12.c Number presentation and manipulation

3.13 SAF and CCD

3.14 Call recording and silent monitoring

4.0 Cisco IOS UC Applications and Features 20%

4.1 CUCME

4.1.a SCCP phones registration
4.1.b SIP phones Registration
4.1.c SNR

4.2 SRST

4.2.a CME-as-SRST
4.2.b MGCP fallback
4.2.c MMOH in SRST

4.3 CUE

4.3.a AA
4.3.b Scripting
4.3.c Voiceview
4.3.d Web inbox
4.3.e MWI
4.3.f VPIM

4.4 Cisco IOS-based call queuing

4.4.a B-ACD
4.4.b Voice hunt groups
4.4.c Call blast

4.5 Cisco IOS media resources

4.5.a Conferencing
4.5.b Transcoding
4.5.c DSP management

4.6 CUBE

4.6.a Mid-call signaling
4.6.b SIP profiles
4.6.c Early and delayed offer
4.6.d DTMF interworking
4.6.e Box-to-box failover and redundancy

4.7 Fax and modem protocols

4.8 Analog telephony signalling

4.8.a Analog telephony signalling theories (FXS/FXO)
4.8.b Caller ID
4.8.c Line voltage detection
4.8.d THL sweep
4.8.e FXO disconnect
4.8.f Echo

4.9 Digital telephony signalling

4.9.a Digital telephony signalling theories (T1/E1, BRI/PRI/CAS)
4.9.b Q.921 and Q.931
4.9.c QSIG
4.9.d Caller ID
4.9.e R2
4.9.f NFAS

4.10 Cisco IOS dial plan

4.10.a Translation profile
4.10.b Dial-peer matching logics
4.10.c Test commands

4.11 SAF/CCD

4.12 IOS CAC

4.13 IOS accounting

5.0 Quality of Service and Security in Cisco Collaboration Solutions 12%

5.1 QoS: link efficiency

5.1.a LFI
5.1.b MMLPPP
5.1.c FRF.12
5.1.d cRTP
5.1.e VAD

5.2 QoS: classification and marking

5.2.a Voice versus video classification
5.2.b Soft clients versus hard clients
5.2.c Trust boundaries

5.3 QoS: congestion management

5.3.a Layer 2 priorities
5.3.b Low latency queue
5.3.c Traffic policing and shaping

5.4 QoS: medianet

5.5 QoS: wireless QoS

5.6 Security: mixed mode cluster

5.7 Security: secured phone connectivity

5.7.a VPN phones
5.7.b Phone proxy
5.7.c TLS proxy
5.7.d IEEE 802.1x

5.8 Security: default security features

5.9 Security: firewall traversal

5.10 Security: toll fraud

6.0 Cisco Unity Connection 8%

6.1 CUCM and CUCME integration

6.2 Single inbox

6.3 MWI

6.4 Call handlers

6.5 CUC dial plan

6.6 Directory handlers

6.7 CUC features

6.7.a High availability
6.7.b Visual voicemail
6.7.c Voicemail for Jabber

6.8 Voicemail networking

7.0 Cisco Unified Contact Center Express 4%

7.1 UCCX CTI Integration

7.2 ICD functions

7.3 UCCX scripting components

8.0 Cisco Unified IM and Presence 6%

8.1 Cisco Unified IM Presence Components

8.2 CUCM integration

8.3 Cisco Jabber

8.4 Federation

8.5 Presence Cloud Solutions

8.6 Group chat and compliance

CCIE Collaboration Written Exam (400-051) Version 1.1

Exam Description

The Cisco CCIE® Collaboration Written Exam [400-051] version 1.1 has 90-110 questions and is 2 hours in duration. This exam validates that candidates have the skills to plan, design, implement, operate, and troubleshoot enterprise collaboration and communication networks. The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Collaboration Written Exam Topics v1.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

1.0 Cisco Collaboration Infrastructure 10%

1.1 Cisco UC Deployment Models

1.2 User management

1.3 IP routing in Cisco Collaboration Solutions

1.4 Virtualization in Cisco Collaboration Solutions

1.4.a UCS
1.4.b VMware
1.4.c Answer files

1.5 Wireless in Cisco Collaboration Solutions

1.6 Network services

1.6.a DNS
1.6.b DHCP
1.6.c TFTP
1.6.d NTP
1.6.e CDP/LLDP

1.7 PoE

1.8 Voice and data VLAN

1.9 IP multicast

1.10 IPv6

2.0 Telephony Standards and Protocols 12%

2.1 SCCP

2.1.a Call flows
2.1.b Call states
2.1.c Endpoint types

2.2 MGCP

2.2.a Call flows
2.2.b Call states
2.2.c Endpoint types

2.3 SIP

2.3.a Call flows
2.3.b Call states
2.3.c DP
2.3.d BFCP

2.4 H.323 and RAS

2.4.a Call flows
2.4.b Call states
2.4.c Gatekeeper
2.4.d H.239

2.5 Voice and video CODECs

2.5.a H.264
2.5.b ILBC
2.5.c ISAC
2.5.d LATM
2.5.e G.722
2.5.f Wide band

2.6 RTP, RTCP, and SRTP

3.0 Cisco Unified Communications Manager [CUCM] 22%

3.1 Device registration and redundancy

3.2 Device settings

3.3 Codec selection

3.4 Call features

3.4.a Call park
3.4.b Call pickup
3.4.c BLF speed dials
3.4.d Native call queuing
3.4.e Call hunting
3.4.f Meet-Me

3.5 Dial plan

3.5.a Globalized call routing
3.5.b Local route group
3.5.c Time-of-day routing
3.5.d Application dial rules
3.5.e Digit manipulations

3.6 Media resources

3.6.a TRP
3.6.b MOH
3.6.c CFB
3.6.d Transcoder and MTP
3.6.e Annunciator
3.6.f MRG and MRGL

3.7 CUCM mobility

3.7.a EM/EMCC
3.7.b Device Mobility
3.7.c Mobile Connect
3.7.d MVA

3.8 CUCM serviceability and OS administration

3.8.a Database replication
3.8.b CDR
3.8.c Service activation
3.8.d CMR

3.9 CUCM disaster recovery

3.10 ILS/URI dialing

3.10.a Directory URI
3.10.b ISL topology
3.10.c Blended addressing

3.11 Call Admission Control

3.11.a CAC/ELCAC
3.11.b RSVP
3.11.c SIP preconditions

3.12 SIP and H.323 trunks

3.12.a SIP trunks
3.12.b H.323 trunks
3.12.c Number presentation and manipulation

3.13 SAF and CCD

3.14 Call recording and silent monitoring

4.0 Cisco IOS UC Applications and Features 16%

4.1 CUCME

4.1.a SCCP phones registration
4.1.b SIP phones Registration
4.1.c SNR

4.2 SRST

4.2.a CME-as-SRST
4.2.b MGCP fallback
4.2.c MMOH in SRST

4.3 CUE

4.3.a AA
4.3.b Scripting
4.3.c Voiceview
4.3.d Web inbox
4.3.e MWI
4.3.f VPIM

4.4 Cisco IOS-based call queuing

4.4.a B-ACD
4.4.b Voice hunt groups
4.4.c Call blast

4.5 Cisco IOS media resources

4.5.a Conferencing
4.5.b Transcoding
4.5.c DSP management

4.6 CUBE

4.6.a Mid-call signaling
4.6.b SIP profiles
4.6.c Early and delayed offer
4.6.d DTMF interworking
4.6.e Box-to-box failover and redundancy

4.7 Fax and modem protocols

4.8 Analog telephony signalling

4.8.a Analog telephony signalling theories [FXS/FXO]
4.8.b Caller ID
4.8.c Line voltage detection
4.8.d THL sweep
4.8.e FXO disconnect
4.8.f Echo

4.9 Digital telephony signalling

4.9.a Digital telephony signalling theories [T1/E1, BRI/PRI/CAS]
4.9.b Q.921 and Q.931
4.9.c QSIG
4.9.d Caller ID
4.9.e R2
4.9.f NFAS

4.10 Cisco IOS dial plan

4.10.a Translation profile
4.10.b Dial-peer matching logics
4.10.c Test commands

4.11 SAF/CCD

4.12 IOS CAC

4.13 IOS accounting

5.0 Quality of Service and Security in Cisco Collaboration Solutions 12%

5.1 QoS: link efficiency

5.1.a LFI
5.1.b MMLPPP
5.1.c FRF.12
5.1.d cRTP
5.1.e VAD

5.2 QoS: classification and marking

5.2.a Voice versus video classification
5.2.b Soft clients versus hard clients
5.2.c Trust boundaries

5.3 QoS: congestion management

5.3.a Layer 2 priorities
5.3.b Low latency queue
5.3.c Traffic policing and shaping

5.4 QoS: medianet

5.5 QoS: wireless QoS

5.6 Security: mixed mode cluster

5.7 Security: secured phone connectivity

5.7.a VPN phones
5.7.b Phone proxy
5.7.c TLS proxy
5.7.d IEEE 802.1x

5.8 Security: default security features

5.9 Security: firewall traversal

5.10 Security: toll fraud

6.0 Cisco Unity Connection 8%

6.1 CUCM and CUCME integration

6.2 Single inbox

6.3 MWI

6.4 Call handlers

6.5 CUC dial plan

6.6 Directory handlers

6.7 CUC features

6.7.a High availability
6.7.b Visual voicemail
6.7.c Voicemail for Jabber

6.8 Voicemail networking

7.0 Cisco Unified Contact Center Express 4%

7.1 UCCX CTI Integration

7.2 ICD functions

7.3 UCCX scripting components

8.0 Cisco Unified IM and Presence 6%

8.1 Cisco Unified IM Presence Components

8.2 CUCM integration

8.3 Cisco Jabber

8.4 Federation

8.5 Presence Cloud Solutions

8.6 Group chat and compliance

9.0 Evolving Technologies 10%

9.1 Cloud

9.1.a Compare and contrast Cloud deployment models
9.1.a [i] Infrastructure, platform, and software services [XaaS]
9.1.a [ii] Performance and reliability
9.1.a [iii] Security and privacy
9.1.a [iv] Scalability and interoperability
9.1.b Describe Cloud implementations and operations
9.1.b [i] Automation and orchestration
9.1.b [ii] Workload mobility
9.1.b [iii] Troubleshooting and management
9.1.b [iv] OpenStack components

9.2 Network programmability [SDN]

9.2.a Describe functional elements of network programmability [SDN] and how they interact
9.2.a [i] Controllers
9.2.a [ii] APIs
9.2.a [iii] Scripting
9.2.a [iv] Agents
9.2.a [v] Northbound vs. Southbound protocols
9.2.b Describe aspects of virtualization and automation in network environments
9.2.b [i] DevOps methodologies, tools and workflows
9.2.b [ii] Network/application function virtualization [NFV, AFV]
9.2.b [iii] Service function chaining
9.2.b [iv] Performance, availability, and scaling considerations

9.3 Internet of Things

9.3.a Describe architectural framework and deployment considerations for Internet of Things [IoT]
9.3.a [i] Performance, reliability and scalability
9.3.a [ii] Mobility
9.3.a [iii] Security and privacy
9.3.a [iv] Standards and compliance
9.3.a [v] Migration
9.3.a [vi] Environmental impacts on the network


 

QUESTION 1
A SIP carrier delivers DIDs to a Cisco Unified Border Element in the form of +155567810XX,
where the last two digits could be anything from 00 to 99. To match the internal dial plan, that
number must be changed to 6785XXX, where the last two digits should be retained. Which two
translation profiles create the required outcome? (Choose two)

A. rule 1 /555\(.*\).*\(.*\)/ /\150\2/
B. rule 1 /+ 1555\(…\).\(…\)$/ /\15\2/
C. rule 1 /^\+ 1555\(678\)10\(..\)$/ /\150\2/
D. rule 1 /^15+678\(… .\)/678\1/
E. rule 1 /.15+678?10?\(..\)/ /67850\1/

Answer: C,E
Explanation:


QUESTION 2
Which Cisco Unified CM service is responsible for detecting new Call Detail Records files and
transferring them to the CDR Repository node?

A. Cisco CallManager
B. Cisco CDR Repository Manager
C. Cisco SOAP-CDRonDemand Service
D. Cisco Extended Functions
E. Cisco CDR Agent

Answer: E
Explanation:


QUESTION 3
Users report that they are unable to control their Cisco 6941 desk phone from their Jabber client,
but the Jabber client works as a soft phone. Which two configuration changes allow this? (Choose two)

A. Assign group “Standard CTI Allow Control of Phones supporting Connected Xfer and Conf” to the user.
B. Set the End User page to the Primary Extension on the desk phone.
C. Set the Owner User ID on the desk phone.
D. Assign group “Standard CTI Enabled User Group” to the user.
E. Assign group “Standard CTI Allow Control of Phones Supporting Rollover Mode” to the user.

Answer: A,E
Explanation:


QUESTION 4
Which two parameters, in the reply of an MGCP gateway to an Audit Endpoint message, indicate
to a Cisco Unified CM that it has an active call on an endpoint? (Choose two)

A. Bearer Information
B. Call ID
C. Capabilities
D. Connection ID
E. Connection Parameters
F. Connection Mode

Answer: A,D
Explanation:


QUESTION 5
Where can the administrator reset all database replication and initiate a broadcast of all tables on
a Cisco Unified CM cluster running version 9.1?

A. Real Time Monitoring Tool
B. Cisco Unified Serviceability
C. Cisco Unified OS Administration
D. Cisco Unified CM CLI
E. Disaster Recovery System

Answer: D
Explanation:


QUESTION 6
During a Cisco Connection extension greeting, callers can press a single key to be transferred to a
specific extension. However, callers report that the system does not process the call immediately
after pressing the key. Which action resolves this issue?

A. Reduce Caller Input timeout in Cisco Unity Connection Service Parameters.
B. Lower the timer Wait for Additional Digits on the Caller input page.
C. Enable Ignore Additional Input on the Edit Caller input page for the selected key.
D. Enable Prepend Digits to Dialed Extensions and configure complete extension number on the
Edit Caller input page for the selected key.
E. Reduce Caller input timeout in Cisco Unity Connection Enterprise Parameters.

Answer: C
Explanation:


352-001 CCDE Design Written Exam v2.0 and v2.1

Exam Number 352-001 CCDE
Associated Certifications CCDE
Duration 120 minutes (90 – 110 questions)
Available Languages English
Register Pearson VUE

Cisco CCDE Written Exam will validate that professionals have the expertise to gather and clarify network functional requirements, develop network designs to meet functional specifications, develop an implementation plan, convey design decisions and their rationale, and possess expert-level network infrastructure knowledge.

Exam Description
Cisco CCDE® Written Exam (352-001) version 2 is a 2-hour test with 90−110 questions that will validate that professionals have the expertise to gather and clarify network functional requirements, develop network designs to meet functional specifications, develop an implementation plan, convey design decisions and their rationale, and possess expert-level network infrastructure knowledge. The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCDE Written Exam Topics v2.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Layer 2 Control Plane 26%

1.1 Describe fast convergence techniques and mechanisms

1.1.a Down detection
1.1.b Interface dampening

1.2 Describe loop detection and mitigation protocols

1.2.a Spanning tree types
1.2.b Spanning tree tuning techniques

1.3 Describe mechanisms that are available for creating loop-free topologies

1.3.a REP
1.3.b Multipath
1.3.c Switch clustering
1.3.d Flex links
1.3.e Loop detection and mitigation

1.4 Describe the effect of transport mechanisms and their interaction with routing protocols over different types of links

1.5 Describe multicast routing concepts

1.6 Describe the effect of fault isolation and resiliency on network design

1.6.a Fault isolation
1.6.b Fate sharing
1.6.c Redundancy
1.6.d Virtualization
1.6.e Segmentation

2.0 Layer 3 Control Plane 37%

2.1 Describe route aggregation concepts and techniques

2.1.a Purpose of route aggregation
2.1.b When to leak routes / avoid suboptimal routing
2.1.c Determine aggregation location and techniques

2.2 Describe the theory and application of network topology layering

2.2.a Layers and their purposes in various environments

2.3 Describe the theory and application of network topology abstraction

2.3.a Purpose of link state topology summarization
2.3.b Use of link state topology summarization

2.4 Describe the effect of fault isolation and resiliency on network design or network reliability

2.4.a Fault isolation
2.4.b Fate sharing
2.4.c Redundancy

2.5 Describe metric-based traffic flow and modification

2.5.a Metrics to modify traffic flow
2.5.b Third-party next hop

2.6 Describe fast convergence techniques and mechanisms

2.6.a Protocol timers
2.6.b Loop-free alternates

2.7 Describe factors affecting convergence

2.7.a Recursion
2.7.b Microloops
2.7.c Transport

2.8 Describe unicast routing protocol operation (OSPF, EIGRP, ISIS, BGP, and RIP) in relation to network design

2.8.a Neighbor relationships
2.8.b Loop-free paths
2.8.c Flooding domains and stubs
2.8.d iBGP scalability

2.9 Analyze operational costs and complexity

2.9.a Routing policy
2.9.b Redistribution methods

2.10 Describe the interaction between routing protocols and topologies

2.11 Describe generic routing and addressing concepts

2.11.a Policy-based routing
2.11.b NAT
2.11.c Subnetting
2.11.d RIB-FIB relationships

2.12 Describe multicast routing concepts

2.12.a General multicast concepts
2.12.b Source specific
2.12.c MSDP/anycast
2.12.d PIM
2.12.e mVPN

2.13 Describe IPv6 concepts and operation

2.13.a General IPv6 concepts
2.13.b IPv6 security
2.13.c IPv6 transition techniques

3.0 Network Virtualization 17%

3.1 Describe Layer 2 and Layer 3 tunnelling technologies

3.1.a Tunnelling for security
3.1.b Tunnelling for network extension
3.1.c Tunnelling for resiliency
3.1.d Tunnelling for protocol integration
3.1.e Tunnelling for traffic optimization

3.2 Analyze the implementation of tunnelling

3.2.a Tunnelling technology selection
3.2.b Tunnelling endpoint selection
3.2.c Tunnelling parameter optimization of end-user applications
3.2.d Effects of tunnelling on routing
3.2.e Routing protocol selection and tuning for tunnels

4.0 Design Considerations 20%

4.1 Analyze various QoS performance metrics

4.1.a Application requirements
4.1.b Performance metrics

4.2 Describe types of QoS techniques

4.2.a Classification and marking
4.2.b Shaping
4.2.c Policing
4.2.d Queuing

4.3 Identify QoS strategies based on customer requirements

4.3.a DiffServ
4.3.b IntServ

4.4 Identify network management requirements

4.5 Identify network application reporting requirements

4.6 Describe technologies, tools, and protocols that are used for network management

4.7 Describe the reference models and processes that are used in network management, such as FCAPS, ITIL®, and TOGAF

4.8 Describe best practices for protecting network infrastructure

4.8.a Secure administrative access
4.8.b Control plane protection

4.9 Describe best practices for protecting network services

4.9.a Deep packet inspection
4.9.b Data plane protection

4.10 Describe tools and technologies for identity management

4.11 Describe tools and technologies for IEEE 802.11 wireless deployment

4.12 Describe tools and technologies for optical deployment

4.13 Describe tools and technologies for SAN fabric deployment

CCDE Written Exam (352-001) Version 2.1

Exam Description
Cisco CCDE® Written Exam [352-001] version 2.1 is a 2-hour test with 90−110 questions that test a candidate’s combined knowledge of routing protocols, internetworking theory and design principles. The exam assesses a candidate’s understanding of network design in the areas of routing, tunneling, Quality of Service, Management, Cost, Capacity, and Security. This exam combines in-depth technical concepts with Network Design principles and is intended for a Network Professional with at least 7 years of experience in Network Engineering or Advanced Network Design. Product-specific knowledge including version of code, implementation and operations specific concepts is not tested on the CCDE exam. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCDE Written Exam Topics v2.1 (Recommended for candidates who are scheduled to take the exam on July 25, 2016 and beyond)

1.0 Layer 2 Control Plane 24%

1.1 Describe fast convergence techniques and mechanisms

1.1.a Down detection
1.1.b Interface dampening

1.2 Describe loop detection and mitigation protocols

1.2.a Spanning tree types
1.2.b Spanning tree tuning techniques

1.3 Describe mechanisms that are available for creating loop-free topologies

1.3.a REP
1.3.b Multipath
1.3.c Switch clustering
1.3.d Flex links
1.3.e Loop detection and mitigation

1.4 Describe the effect of transport mechanisms and their interaction with routing protocols over different types of links

1.5 Describe multicast routing concepts

1.6 Describe the effect of fault isolation and resiliency on network design

1.6.a Fault isolation
1.6.b Fate sharing
1.6.c Redundancy
1.6.d Virtualization
1.6.e Segmentation

2.0 Layer 3 Control Plane 33%

2.1 Describe route aggregation concepts and techniques

2.1.a Purpose of route aggregation
2.1.b When to leak routes / avoid suboptimal routing
2.1.c Determine aggregation location and techniques

2.2 Describe the theory and application of network topology layering

2.2.a Layers and their purposes in various environments

2.3 Describe the theory and application of network topology abstraction

2.3.a Purpose of link state topology summarization
2.3.b Use of link state topology summarization

2.4 Describe the effect of fault isolation and resiliency on network design or network reliability

2.4.a Fault isolation
2.4.b Fate sharing
2.4.c Redundancy

2.5 Describe metric-based traffic flow and modification

2.5.a Metrics to modify traffic flow
2.5.b Third-party next hop

2.6 Describe fast convergence techniques and mechanisms

2.6.a Protocol timers
2.6.b Loop-free alternates

2.7 Describe factors affecting convergence

2.7.a Recursion
2.7.b Microloops
2.7.c Transport

2.8 Describe unicast routing protocol operation [OSPF, EIGRP, ISIS, BGP, and RIP] in relation to network design

2.8.a Neighbor relationships
2.8.b Loop-free paths
2.8.c Flooding domains and stubs
2.8.d iBGP scalability

2.9 Analyze operational costs and complexity

2.9.a Routing policy
2.9.b Redistribution methods

2.10 Describe the interaction between routing protocols and topologies

2.11 Describe generic routing and addressing concepts

2.11.a Policy-based routing
2.11.b NAT
2.11.c Subnetting
2.11.d RIB-FIB relationships

2.12 Describe multicast routing concepts

2.12.a General multicast concepts
2.12.b Source specific
2.12.c MSDP/anycast
2.12.d PIM
2.12.e mVPN

2.13 Describe IPv6 concepts and operation

2.13.a General IPv6 concepts
2.13.b IPv6 security
2.13.c IPv6 transition techniques

3.0 Network Virtualization 15%

3.1 Describe Layer 2 and Layer 3 tunnelling technologies

3.1.a Tunnelling for security
3.1.b Tunnelling for network extension
3.1.c Tunnelling for resiliency
3.1.d Tunnelling for protocol integration
3.1.e Tunnelling for traffic optimization

3.2 Analyze the implementation of tunnelling

3.2.a Tunnelling technology selection
3.2.b Tunnelling endpoint selection
3.2.c Tunnelling parameter optimization of end-user applications
3.2.d Effects of tunnelling on routing
3.2.e Routing protocol selection and tuning for tunnels

4.0 Design Considerations 18%

4.1 Analyze various QoS performance metrics

4.1.a Application requirements
4.1.b Performance metrics

4.2 Describe types of QoS techniques

4.2.a Classification and marking
4.2.b Shaping
4.2.c Policing
4.2.d Queuing

4.3 Identify QoS strategies based on customer requirements

4.3.a DiffServ
4.3.b IntServ

4.4 Identify network management requirements

4.5 Identify network application reporting requirements

4.6 Describe technologies, tools, and protocols that are used for network management

4.7 Describe the reference models and processes that are used in network management, such as FCAPS, ITIL®, and TOGAF

4.8 Describe best practices for protecting network infrastructure

4.8.a Secure administrative access
4.8.b Control plane protection

4.9 Describe best practices for protecting network services

4.9.a Deep packet inspection
4.9.b Data plane protection

4.10 Describe tools and technologies for identity management

4.11 Describe tools and technologies for IEEE 802.11 wireless deployment

4.12 Describe tools and technologies for optical deployment

4.13 Describe tools and technologies for SAN fabric deployment

5.0 Evolving Technologies 10%

5.1 Cloud

5.1.a Compare and contrast Cloud deployment models
5.1.a [i] Infrastructure, platform, and software services [XaaS]
5.1.a [ii] Performance and reliability
5.1.a [iii] Security and privacy
5.1.a [iv] Scalability and interoperability
5.1.b Describe Cloud implementations and operations
5.1.b [i] Automation and orchestration
5.1.b [ii] Workload mobility
5.1.b [iii] Troubleshooting and management
5.1.b [iv] OpenStack components

5.2 Network programmability [SDN]

5.2.a Describe functional elements of network programmability [SDN] and how they interact
5.2.a [i] Controllers
5.2.a [ii] APIs
5.2.a [iii] Scripting
5.2.a [iv] Agents
5.2.a [v] Northbound vs. Southbound protocols
5.2.b Describe aspects of virtualization and automation in network environments
5.2.b [i] DevOps methodologies, tools and workflows
5.2.b [ii] Network/application function virtualization [NFV, AFV]
5.2.b [iii] Service function chaining
5.2.b [iv] Performance, availability, and scaling considerations

5.3 Internet of Things

5.3.a Describe architectural framework and deployment considerations for Internet of Things [IoT]
5.3.a [i] Performance, reliability and scalability
5.3.a [ii] Mobility
5.3.a [iii] Security and privacy
5.3.a [iv] Standards and compliance
5.3.a [v] Migration
5.3.a [vi] Environmental impacts on the network

QUESTION 1
A network designer is redesigning an enterprise campus network to ensure that Ethernet switches
proactively attempt to reconnect after a fiber cut. In the design, they will have to address areas
where fiber cuts exist on campus from past troubleshooting, where a single fiber is disconnected in
the fiber pair, leading to looping. Which feature could be implemented in the design to allow the
Spanning Tree Protocol on the switches to be protected?

A. loop guard
B. UniDirectional Link Detection
C. UniDirectional Link Detection aggressive mode
D. root guard

Answer: C

Explanation:


QUESTION 2
A switched network is being designed to support a manufacturing factory. Due to cost constraints,
fiber-based connectivity is not an option. Which design allows for a stable network when there is a
risk of interference from the manufacturing hardware in use on the factory floor?

A. Design the network to include UDLD to detect unidirectional links and take them out of service.
B. Design the network to include EtherChannel bundles to prevent a single-link failure from taking
down a switch interconnection point.
C. Design the network to include loop guard to prevent a loop in the switched network when a link
has too much interference.
D. Design the network to include BackboneFast on all devices to accelerate failure convergence
times.

Answer: A

Explanation:


QUESTION 3
A service provider has a Resilient Ethernet Protocol ring running as a metro backbone between its
locations in one city. A customer wants to connect one site with one box redundant to the Resilient
Ethernet Protocol ring at two different service provider locations. How can this be done without
producing any Layer 2 loops within the network design?

A. Spanning tree at the service provider side only must be enabled.
B. Spanning tree at the customer side only must be enabled.
C. Flex Links at the service provider side only must be enabled.
D. Flex Links at the customer side only must be enabled.
E. EtherChannel at the service provider side and the customer side must be enabled.
F. Spanning tree at the service provider side and the customer side must be enabled.
G. Flex Links at the service provider side and the customer side must be enabled.

Answer: D

Explanation:


QUESTION 4
You have created a network design that has two point-to-point Metro Ethernet circuits extending a
single production VLAN between two data centers. Under normal circumstances, one circuit will
carry traffic and spanning tree will block the other. If the company wants you to make use of both
circuits to carry production traffic, which two technologies and features will you investigate to
integrate into your network design? (Choose two.)

A. EtherChannel
B. MST
C. Multichassis EtherChannel
D. PVST+

Answer: A,C

Explanation:


QUESTION 5
Voice traffic between two campus enterprise networks is growing. The network designers decide
to add a second 10-Mb Metro Ethernet service parallel to their original 10-Mb service in order to
provide more bandwidth and diversity. The QoS profile will be the same on the new 10-Mb service
due to the voice stability on the first Metro Ethernet link. When the second link is added to the
OSPF domain, which traffic design consideration would have the most impact on the voice traffic
when both links are active?

A. per-destination IP address basis
B. per-flow basis
C. per-packet basis
D. per-source IP address basis

Answer: C

Explanation:


350-018 CCIE Security version 4.0 and version 4.1

CCIE Security
Exam Number 350-018 CCIE Security
Associated Certifications CCIE Security
Duration 120 minutes (90 – 110 questions)
Available Languages English
Register Pearson VUE

This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

Topics include networking fundamentals and security-related concepts and best practices, as well as Cisco network security products and solutions in areas such as VPNs, intrusion prevention, firewalls, identity services, policy management, and device hardening. Content includes both IPv4 and IPv6 concepts and solutions.

CCIE Security Written Exam (350-018) version 4.0

Exam Description
The Cisco CCIE® Security Written Exam (350-018) version 4.0 is a 2-hour test with 90–110 questions. This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

Topics include networking fundamentals and security-related concepts and best practices, as well as Cisco network security products and solutions in areas such as VPNs, intrusion prevention, firewalls, identity services, policy management, and device hardening. Content includes both IPv4 and IPv6 concepts and solutions.

The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Security Written Exam Topics v4.0 (Recommended for candidates who are scheduled to take the exam BEFORE July 25, 2016)

1.0 Infrastructure, Connectivity, Communications, and Network Security 20%

1.1 Network addressing basics

1.2 OSI layers

1.3 TCP/UDP/IP protocols

1.4 LAN switching (for example, VTP, VLANs, spanning tree, and trunking)

1.5 Routing protocols (for example, RIP, EIGRP, OSPF, and BGP)

1.5.a Basic functions and characteristics
1.5.b Security features

1.6 Tunneling protocols

1.6.a GRE
1.6.b NHRP
1.6.c IPv6 tunnel types

1.7 IP multicast

1.7.a PIM
1.7.b MSDP
1.7.c IGMP and CGMP
1.7.d Multicast Listener Discovery

1.8 Wireless

1.8.a SSID
1.8.b Authentication and authorization
1.8.c Rogue APs
1.8.d Session establishment

1.9 Authentication and authorization technologies

1.9.a Single sign-on
1.9.b OTPs
1.9.c LDAP and AD
1.9.d RBAC

1.10 VPNs

1.10.a L2 vs L3
1.10.b MPLS, VRFs, and tag switching

1.11 Mobile IP networks

2.0 Security Protocols 15%

2.1 RSA

2.2 RC4

2.3 MD5

2.4 SHA

2.5 DES

2.6 3DES

2.7 AES

2.8 IPsec

2.9 ISAKMP

2.10 IKE and IKEv2

2.11 GDOI

2.12 AH

2.13 ESP

2.14 CEP

2.15 TLS and DTLS

2.16 SSL

2.17 SSH

2.18 RADIUS

2.19 TACACS+

2.20 LDAP

2.21 EAP methods (for example, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, and LEAP)

2.22 PKI, PKIX, and PKCS

2.23 IEEE 802.1X

2.24 WEP, WPA, and WPA2

2.25 WCCP

2.26 SXP

2.27 MACsec

2.28 DNSSEC

3.0 Application and Infrastructure Security 10%

3.1 HTTP

3.2 HTTPS

3.3 SMTP

3.4 DHCP

3.5 DNS

3.6 FTP and SFTP

3.7 TFTP

3.8 NTP

3.9 SNMP

3.10 syslog

3.11 Netlogon, NetBIOS, and SMB

3.12 RPCs

3.13 RDP and VNC

3.14 PCoIP

3.15 OWASP

3.16 Manage unnecessary services

4.0 Threats, Vulnerability Analysis, and Mitigation 10%

4.1 Recognize and mitigate common attacks

4.1.a ICMP attacks and PING floods
4.1.b MITM
4.1.c Replay
4.1.d Spoofing
4.1.e Backdoor
4.1.f Botnets
4.1.g Wireless attacks
4.1.h DoS and DDoS attacks
4.1.i Virus and worm outbreaks
4.1.j Header attacks
4.1.k Tunneling attacks

4.2 Software and OS exploits

4.3 Security and attack tools

4.4 Generic network intrusion prevention concepts

4.5 Packet filtering

4.6 Content filtering and packet inspection

4.7 Endpoint and posture assessment

4.8 QoS marking attacks

5.0 Cisco Security Products, Features, and Management 20%

5.1 Cisco Adaptive Security Appliance (ASA)

5.1.a Firewall functionality
5.1.b Routing and multicast capabilities
5.1.c Firewall modes
5.1.d NAT (before and after version 8.4)
5.1.e Object definition and ACLs
5.1.f MPF functionality (IPS, QoS, and application awareness)
5.1.g Context-aware firewall
5.1.h Identity-based services
5.1.i Failover options

5.2 Cisco IOS firewalls and NAT

5.2.a CBAC
5.2.b Zone-based firewall
5.2.c Port-to-application mapping
5.2.d Identity-based firewalling

5.3 Cisco Intrusion Prevention Systems (IPS)

5.4 Cisco IOS IPS

5.5 Cisco AAA protocols and application

5.5.a RADIUS
5.5.b TACACS+
5.5.c Device administration
5.5.d Network access
5.5.e IEEE 802.1X
5.5.f VSAs

5.6 Cisco Identity Services Engine (ISE)

5.7 Cisco Secure ACS Solution Engine

5.8 Cisco Network Admission Control (NAC) Appliance Server

5.9 Endpoint and client

5.9.a Cisco AnyConnect VPN Client
5.9.b Cisco VPN Client
5.9.c Cisco Secure Desktop
5.9.d Cisco NAC Agent

5.10 Secure access gateways (Cisco IOS router or ASA)

5.10.a IPsec
5.10.b SSL VPN
5.10.c PKI

5.11 Virtual security gateway

5.12 Cisco Catalyst 6500 Series ASA Services Modules

5.13 ScanSafe functionality and components

5.14 Cisco Web Security Appliance and Cisco Email Security Appliance

5.15 Security management

5.15.a Cisco Security Manager
5.15.b Cisco Adaptive Security Device Manager (ASDM)
5.15.c Cisco IPS Device Manager (IDM)
5.15.d Cisco IPS Manager Express (IME)
5.15.e Cisco Configuration Professional
5.15.f Cisco Prime

6.0 Cisco Security Technologies and Solutions 17%

6.1 Router hardening features (for example, CoPP, MPP, uRPF, and PBR)

6.2 Switch security features (for example, anti-spoofing, port, STP, MACSEC, NDAC, and NEAT)

6.3 NetFlow

6.4 Wireless security

6.5 Network segregation

6.5.a VRF-aware technologies
6.5.b VXLAN

6.6 VPN solutions

6.6.a FlexVPN
6.6.b DMVPN
6.6.c GET VPN
6.6.d Cisco EasyVPN

6.7 Content and packet filtering

6.8 QoS application for security

6.9 Load balancing and failover

7.0 Security Policies and Procedures, Best Practices, and Standards 8%

7.1 Security policy elements

7.2 Information security standards (for example, ISO/IEC 27001 and ISO/IEC 27002)

7.3 Standards bodies (for example, ISO, IEC, ITU, ISOC, IETF, IAB, IANA, and ICANN)

7.4 Industry best practices (for example, SOX and PCI DSS)

7.5 Common RFC and BCP (for example, RFC2827/BCP38, RFC3704/BCP84, and RFC5735)

7.6 Security audit and validation

7.7 Risk assessment

7.8 Change management process

7.9 Incident response framework

7.10 Computer security forensics

7.11 Desktop security risk assessment and desktop security risk management

CCIE Security Written Exam (350-018) Version 4.1

Exam Description
The Cisco CCIE® Security Written Exam [350-018] version 4.1 is a 2-hour test with 90–110 questions. This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

Topics include networking fundamentals and security-related concepts and best practices, as well as Cisco network security products and solutions in areas such as VPNs, intrusion prevention, firewalls, identity services, policy management, and device hardening. Content includes both IPv4 and IPv6 concepts and solutions.

The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

CCIE Security Written Exam Topics v4.1 (Recommended for candidates who are scheduled to take the exam ON July 25, 2016 and beyond)

1.0 Infrastructure, Connectivity, Communications, and Network Security 14%

1.1 Network addressing basics

1.2 OSI layers

1.3 TCP/UDP/IP protocols

1.4 LAN switching [for example, VTP, VLANs, spanning tree, and trunking]

1.5 Routing protocols [for example, RIP, EIGRP, OSPF, and BGP]

1.5.a Basic functions and characteristics
1.5.b Security features

1.6 Tunneling protocols

1.6.a GRE
1.6.b NHRP
1.6.c IPv6 tunnel types

1.7 IP multicast

1.7.a PIM
1.7.b MSDP
1.7.c IGMP and CGMP
1.7.d Multicast Listener Discovery

1.8 Wireless

1.8.a SSID
1.8.b Authentication and authorization
1.8.c Rogue APs
1.8.d Session establishment

1.9 Authentication and authorization technologies

1.9.a Single sign-on
1.9.b OTPs
1.9.c LDAP and AD
1.9.d RBAC

1.10 VPNs

1.10.a L2 vs L3
1.10.b MPLS, VRFs, and tag switching

1.11 Mobile IP networks

2.0 Security Protocols 14%

2.1 RSA

2.2 RC4

2.3 MD5

2.4 SHA

2.5 DES

2.6 3DES

2.7 AES

2.8 IPsec

2.9 ISAKMP

2.10 IKE and IKEv2

2.11 GDOI

2.12 AH

2.13 ESP

2.14 CEP

2.15 TLS and DTLS

2.16 SSL

2.17 SSH

2.18 RADIUS

2.19 TACACS+

2.20 LDAP

2.21 EAP methods [for example, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, and LEAP]

2.22 PKI, PKIX, and PKCS

2.23 IEEE 802.1X

2.24 WEP, WPA, and WPA2

2.25 WCCP

2.26 SXP

2.27 MACsec

2.28 DNSSEC

3.0 Application and Infrastructure Security 10%

3.1 HTTP

3.2 HTTPS

3.3 SMTP

3.4 DHCP

3.5 DNS

3.6 FTP and SFTP

3.7 TFTP

3.8 NTP

3.9 SNMP

3.10 syslog

3.11 Netlogon, NetBIOS, and SMB

3.12 RPCs

3.13 RDP and VNC

3.14 PCoIP

3.15 OWASP

3.16 Manage unnecessary services

4.0 Threats, Vulnerability Analysis, and Mitigation 10%

4.1 Recognize and mitigate common attacks

4.1.a ICMP attacks and PING floods
4.1.b MITM
4.1.c Replay
4.1.d Spoofing
4.1.e Backdoor
4.1.f Botnets
4.1.g Wireless attacks
4.1.h DoS and DDoS attacks
4.1.i Virus and worm outbreaks
4.1.j Header attacks
4.1.k Tunneling attacks

4.2 Software and OS exploits

4.3 Security and attack tools

4.4 Generic network intrusion prevention concepts

4.5 Packet filtering

4.6 Content filtering and packet inspection

4.7 Endpoint and posture assessment

4.8 QoS marking attacks

5.0 Cisco Security Products, Features, and Management 18%

5.1 Cisco Adaptive Security Appliance [ASA]

5.1.a Firewall functionality
5.1.b Routing and multicast capabilities
5.1.c Firewall modes
5.1.d NAT [before and after version 8.4]
5.1.e Object definition and ACLs
5.1.f MPF functionality [IPS, QoS, and application awareness]
5.1.g Context-aware firewall
5.1.h Identity-based services
5.1.i Failover options

5.2 Cisco IOS firewalls and NAT

5.2.a CBAC
5.2.b Zone-based firewall
5.2.c Port-to-application mapping
5.2.d Identity-based firewalling

5.3 Cisco Intrusion Prevention Systems [IPS]

5.4 Cisco IOS IPS

5.5 Cisco AAA protocols and application

5.5.a RADIUS
5.5.b TACACS+
5.5.c Device administration
5.5.d Network access
5.5.e IEEE 802.1X
5.5.f VSAs

5.6 Cisco Identity Services Engine [ISE]

5.7 Cisco Secure ACS Solution Engine

5.8 Cisco Network Admission Control [NAC] Appliance Server

5.9 Endpoint and client

5.9.a Cisco AnyConnect VPN Client
5.9.b Cisco VPN Client
5.9.c Cisco Secure Desktop
5.9.d Cisco NAC Agent

5.10 Secure access gateways [Cisco IOS router or ASA]

5.10.a IPsec
5.10.b SSL VPN
5.10.c PKI

5.11 Virtual security gateway

5.12 Cisco Catalyst 6500 Series ASA Services Modules

5.13 ScanSafe functionality and components

5.14 Cisco Web Security Appliance and Cisco Email Security Appliance

5.15 Security management

5.15.a Cisco Security Manager
5.15.b Cisco Adaptive Security Device Manager [ASDM]
5.15.c Cisco IPS Device Manager [IDM]
5.15.d Cisco IPS Manager Express [IME]
5.15.e Cisco Configuration Professional
5.15.f Cisco Prime

6.0 Cisco Security Technologies and Solutions 16%

6.1 Router hardening features [for example, CoPP, MPP, uRPF, and PBR]

6.2 Switch security features [for example, anti-spoofing, port, STP, MACSEC, NDAC, and NEAT]

6.3 NetFlow

6.4 Wireless security

6.5 Network segregation

6.5.a VRF-aware technologies
6.5.b VXLAN

6.6 VPN solutions

6.6.a FlexVPN
6.6.b DMVPN
6.6.c GET VPN
6.6.d Cisco EasyVPN

6.7 Content and packet filtering

6.8 QoS application for security

6.9 Load balancing and failover

7.0 Security Policies and Procedures, Best Practices, and Standards 8%

7.1 Security policy elements

7.2 Information security standards [for example, ISO/IEC 27001 and ISO/IEC 27002]

7.3 Standards bodies [for example, ISO, IEC, ITU, ISOC, IETF, IAB, IANA, and ICANN]

7.4 Industry best practices [for example, SOX and PCI DSS]

7.5 Common RFC and BCP [for example, RFC2827/BCP38, RFC3704/BCP84, and RFC5735]

7.6 Security audit and validation

7.7 Risk assessment

7.8 Change management process

7.9 Incident response framework

7.10 Computer security forensics

7.11 Desktop security risk assessment and desktop security risk management

8.0 Evolving Technologies 10%

8.1 Cloud

8.1.a Compare and contrast Cloud deployment models
8.1.a [i] Infrastructure, platform, and software services [XaaS]
8.1.a [ii] Performance and reliability
8.1.a [iii] Security and privacy
8.1.a [iv] Scalability and interoperability
8.1.b Describe Cloud implementations and operations
8.1.b [i] Automation and orchestration
8.1.b [ii] Workload mobility
8.1.b [iii] Troubleshooting and management
8.1.b [iv] OpenStack components

8.2 Network programmability [SDN]

8.2.a Describe functional elements of network programmability [SDN] and how they interact
8.2.a [i] Controllers
8.2.a [ii] APIs
8.2.a [iii] Scripting
8.2.a [iv] Agents
8.2.a [v] Northbound vs. Southbound protocols
8.2.b Describe aspects of virtualization and automation in network environments
8.2.b [i] DevOps methodologies, tools and workflows
8.2.b [ii] Network/application function virtualization [NFV, AFV]
8.2.b [iii] Service function chaining
8.2.b [iv] Performance, availability, and scaling considerations

8.3 Internet of Things

8.3.a Describe architectural framework and deployment considerations for Internet of Things [IoT]
8.3.a [i] Performance, reliability and scalability
8.3.a [ii] Mobility
8.3.a [iii] Security and privacy
8.3.a [iv] Standards and compliance
8.3.a [v] Migration
8.3.a [vi] Environmental impacts on the network

 


QUESTION 1
An RSA key pair consists of a public key and a private key and is used to set up PKI. Which statement applies to RSA and PKI?

A. The public key must be included in the certificate enrollment request.
B. The RSA key-pair is a symmetric cryptography.
C. It is possible to determine the RSA key-pair private key from its corresponding public key.
D. When a router that does not have an RSA key pair requests a certificate, the certificate request is sent, but a warning is shown to generate the RSA key pair before a CA signed certificate is received.

Answer: A

Explanation:
An RSA key pair consists of a public key and a private key. When setting up your PKI, you must include the public key in the certificate enrollment request. After the certificate has been granted, the public key will be included in the certificate so that peers can use it to encrypt data that is sent to the router. The private key is kept on the router and used both to decrypt the data sent by peers and to digitally sign transactions when negotiating with peers.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-3s/sec-pki-xe-3s-book/sec-pki-overview.html


QUESTION 2
Refer to the exhibit.


Which three descriptions of the configuration are true? (Choose three.)

A. The configuration is on the NHS.
B. The tunnel IP address represents the NBMA address.
C. This tunnel is a point-to-point GRE tunnel.
D. The tunnel is not providing peer authentication.
E. The configuration is on the NHC.
F. The tunnel encapsulates multicast traffic.
G. The tunnel provides data confidentiality.

Answer: A,F,G


QUESTION 3
Which two values must you configure on the Cisco ASA firewall to support FQDN ACL? (Choose two.)

A. a DNS server
B. an FQDN object
C. a policy map
D. a class map
E. a service object
F. a service policy

Answer: A,B
Reference: https://supportforums.cisco.com/document/66011/using-hostnames-dns-access-lists-configuration-steps-caveats-and-troubleshooting


QUESTION 4
Which set of encryption algorithms is used by WPA and WPA2?

A. Blowfish and AES
B. CAST and RC6
C. TKIP and RC6
D. TKIP and AES

Answer: D


QUESTION 5
What are two enhancements in WCCP V2.0 over WCCP V1.0? (Choose two.)

A. support for HTTP redirection
B. multicast support
C. authentication support
D. IPv6 support
E. encryption support

Answer: B,C

Explanation: WCCP V2.0 supports the following enhancements to the WCCP V1.0 Protocol:
* Multi-Router Support.
WCCP V2.0 allows a farm of web-caches to be attached to more than one router.
* Multicast Support.
WCCP V2.0 supports multicasting of protocol messages between web-caches and routers.
* Improved Security.
WCCP V2.0 provides optional authentication of protocol packets received by web-caches and routers.
* Support for redirection of non-HTTP traffic.
WCCP V2.0 supports the redirection of traffic other than HTTP traffic through the concept of Service Groups.
* Packet return.
WCCP V2.0 allows a web-cache to decline to service a redirected packet and to return it to a router to be forwarded. The method by which packets are returned to a router is negotiable.
Reference: https://tools.ietf.org/id/draft-wilson-wrec-wccp-v2-01.txt

 


300-475 CLDACI Designing the Cisco Cloud

Exam Number 300-475 CLDACI
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Recommended Training
The following course is the recommended training for this exam:
Building the Cisco Cloud with Application Centric Infrastructure (CLDACI)

Exam Description
This exam tests a candidate’s knowledge and skills in ACI Architecture, Fabric and Physical Topology; ACI Design and Configuration; APIC Automation Using Northbound API; ACI Integration; and ACI Day 2 Operations.

The Building the Cisco Cloud with Application Centric Infrastructure (CLDACI) exam (300-47) is a 90-minute, 55–65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and skills in ACI architecture, fabric and physical topology; ACI design and configuration; APIC automation using northbound API; ACI integration; and ACI day two operations. Candidates can prepare for this assessment by taking the Building the Cisco Cloud with Application Centric Infrastructure (CLDACI v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 ACI Architectural Overview 10%
1.1 Describe concepts of decoupling of identity from location and why ACI is relevant
1.1.a Application policy
1.1.b Application mobility
1.1.c Application use cases for ACI

1.2 Describe basic fabric design concepts
1.2.a Theory of design leaf spine
1.2.b Fabric controller

1.3 Describe connectivity for the following
1.3.a Bare metal servers
1.3.b Appliances
1.3.c Networks
1.3.d Interoperability

1.4 Describe fabric use of VXLAN
1.5 Describe the operational model change in data center / orchestration / northbound API

2.0 ACI Fabric Fundamentals 15%
2.1 Describe ACI VXLAN overlay functionality
2.2 Describe service graphing
2.3 Describe endpoints and endpoint groups
2.4 Describe application workload mobility
2.5 Describe ACI multitenancy model
2.6 Describe Layer 4 to Layer 7 services
2.7 Describe telemetry
2.8 Describe dynamic load balancing
2.9 Describe unicast fast reroute
2.10 Describe multicast fast reroute
2.11 Describe health scores
2.12 Describe anycast gateway
2.13 Describe the object-oriented NX-OS

3.0 ACI Physical Topology 12%
3.1 Explain 40 Gb and 100 Gb technologies
3.2 Describe spine
3.3 Describe leaf
3.4 Describe fat tree
3.5 Describe federation of policies
3.6 Describe architecture spine, leaf
3.7 Describe FEX placement
3.8 Describe vPC and ACI
3.9 Describe hypervisor networking
3.10 Describe pods
3.11 Describe controller network

4.0 ACI Design and Configuration 20%
4.1 Describe migration
4.2 Explain ACI scale
4.2.a Per fabric
4.2.b Per leaf
4.3 Designing Topologies
4.4 Describe ACI external and management tenants / EPGs
4.4.a Layer 2
4.4.b Layer 3
4.4.b (i) Private – Layer 3
4.5 Configure application profile
4.6 Configure contracts
4.7 Configure EPGs
4.8 Configure tenant

5.0 APIC Automation Using Northbound API 14%
5.1 Describe the role of automation and APIs
5.2 Compare and contrast the DevOps approach and the ITIL approach
5.3 Differentiate the relationship between the following technologies and the ACI operational models
5.3.a Puppet
5.3.b Chef
5.3.c Python (Cobra, SDK)
5.3.d JSON
5.3.e XML
5.3.f RESTful API

6.0 ACI Integration 14%
6.1 Integrating L4-7 Services with ACI
6.1.a Describe the Layer 4-7 ACI concepts
6.1.a (i) Firewalls
6.1.a (ii) Load balancers
6.1.a (iii) IDS
6.1.b Integrating existing Cisco and OEM devices
6.1.c Describe the automation capabilities
6.1.d Implement ACI with fully integrated devices

6.2 Hypervisor integration
6.2.a Describe how the hypervisor endpoint discovery is accomplished
6.2.b Describe how the hypervisor endpoint policy is applied
6.2.c Compare and contrast the ACI features of the Cisco AVS to other virtual switches

6.3 Integration with Cisco OpenStack
6.3.a Describe the role of the Cisco OpenStack controller
6.3.b Describe the Interaction with the ACI fabric: the ACI neutron plugin
6.3.c Describe the OpFlex concept and advantages into an easy integration to the ACI fabric

7.0 ACI Day 2 Operations 5%
7.1 APIC management
7.1.a Explain controller overview
7.1.b Explain controller clustering
7.1.c Describe cluster communication
7.1.d Explain scalability

7.2 Monitoring and Troubleshooting

7.2.a Troubleshooting the ACI fabric


QUESTION 1
How does the Cisco ACI fabric decouple host identity from its location in the fabric?

A. VTEP addresses
B. contract
C. end point groups
D. L2VPN EVPN address family

Answer: C

Explanation:


QUESTION 2
Which best describes the Cisco ACI fabric configuration?

A. manual discovery, manual provisioning, 10- and 40-Gb/s links, Clos design
B. autodiscovery, manual provisioning, 10- and 40-Gb/s links, Clos design
C. autodiscovery, zero-touch provisioning, 40-Gb/s links, Clos design
D. manual discovery, zero-touch provisioning, 40-Gb/s links, Clos design

Answer: C

Explanation:


QUESTION 3
What is the requirement to establish connectivity in the Cisco ACI fabric between two EPGs in separate tenants?

A. scope tenant contract
B. scope private contract
C. scope intertenant contract
D. scope global contract

Answer: D

Explanation:


QUESTION 4
Which network protocol is used for Cisco ACI fabric data plane forwarding?

A. VXLAN
B. ISIS
C. MP-BGP
D. FabricPath

Answer: A

Explanation:


QUESTION 5
Which two encoding languages are used by the Cisco APIC API? (Choose two.)

A. JSON
B. JAVA
C. BSON
D. XML
E. YAML

Answer: A,D

Explanation:


300-470 CLDAUT Designing the Cisco Cloud

Exam Number 300-470 CLDAUT
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Exam Description
The Automating the Cisco Enterprise Cloud (CLDAUT) exam (300-470) is a 90-minute, 55–65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and ability to provision private IaaS, provision private IaaS with catalog scaling, provision private IaaS with network automation, provision hybrid IaaS, and perform application provisioning and life-cycle management. Candidates can prepare for this assessment by taking the Automating the Cisco Enterprise Cloud (CLDAUT v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Provision Private IaaS Infrastructure 27%

1.1 Create cloud tenant

1.1.a Provision infrastructure devices
1.1.a.1 Provision network
1.1.a.2 Provision compute
1.1.a.3 Provision storage

1.2 Develop policies

1.2.a Network
1.2.b Storage
1.2.c Compute
1.2.d Cost model
1.2.e Service catalog

1.3 Manage virtual data centers

1.3.a Create virtual data center
1.3.b Manage application categories in a VDC

1.4 Manage workflows

1.4.a Create input/output parameters
1.4.b Add tasks to workflow designer
1.4.c Create custom workflow tasks
1.4.d Describe the open automation tool kit (SDK)

1.5 Manage catalogs

1.5.a Publish standard and advanced catalogs
1.5.b Cloning a catalog
1.5.c Create user VM action policy
1.5.d Cost (monetary) tracking

1.6 Configure self-service provisioning in Cisco UCS Director

1.6.a Customize portals
1.6.b Create service request workflow
1.6.c Monitor service requests

2.0 Provision Private IaaS Catalog 17%

2.1 Publish Cisco UCS Director services in PSC 11.0

2.1.a Discover Cisco UCS Director catalogs and templates
2.1.b Publish services with RBAC for end-user ordering

2.2 Order PSC IaaS services as end users

2.2.a Login as an end user
2.2.b Order a VM based on standard or advanced
2.2.c Catalogs
2.2.d Order a service container

2.3 Publish application stack services

2.3.a Design application stack services
2.3.b Publish application stack services with RBAC for end-user ordering
2.3.c Order application stack as an end user

3.0 Provision Private IaaS with Network Automation 18%

3.1 Define policies for container

3.1.a Computing policies
3.1.b Network policy
3.1.c Storage policies
3.1.d System policies

3.2 Defining global resource pools

3.2.a Configure VLAN/VXLAN pools
3.2.b Configure IP subnet pools
3.2.c Configure static IP pools

3.3 Creating a Cisco VACS three-tier internal template

3.3.a Specifying a template type
3.3.b Selecting the deployment options
3.3.c Configuring network resource pools
3.3.d Configuring VM networks
3.3.e Adding virtual machines to a template

3.4 Creating a Cisco VACS three-tier external template

3.4.a Define ACL for three-tier external template
3.4.b Configure security zones

3.5 Publish discovered VACS services in PSC 11.0

3.5.a Discover the VACS containers
3.5.b Register the VACS application container templates

4.0 Provision Hybrid IaaS 18%

4.1 Configure intercloud fabric connectivity

4.1.a Set up provider cloud account
4.1.b Set up infrastructure image
4.1.c Set up secure extension
4.1.d Add port profile
4.1.e Create IP pools for VMs
4.1.f Create user groups and users
4.1.g Configure vDCs
4.1.h Configure network and system policies

4.2 Create VM templates to deploy new workloads in the hybrid cloud

4.2.a Configure a virtual machine template
4.2.b Configure network policies
4.2.c Configure system policies
4.2.d Configure storage policies
4.2.e Configure VMware policies (network, system, computing, and storage)
4.2.f Create a catalog for templates

4.3 Create VM templates to migrate workloads between public cloud and private clouds

4.3.a Configure a virtual machine template
4.3.b Configure network policies
4.3.c Configure system policies
4.3.d Configure storage policies
4.3.e Configure VMware policies (network, system, computing, and storage)
4.3.f Create a catalog for templates

4.4 Deploy security appliances in the hybrid cloud

4.4.a Run infrastructure wizard through ICF to bring up ICS services controller and cloud components (such as: PNSC)
4.4.b Add the compute firewall
4.4.c Define compute security profile
4.4.d Define object groups, zones, rules, and policies
4.4.e Create service path
4.4.f Bind the service path to port profile

4.5 Configure routing policies to enable secure communication between hybrid cloud VMs

4.5.a Add edge routers
4.5.b Add system policies
4.5.c Add network policies
4.5.d Add routing policies
4.5.e Assign VMs

4.6 Configure end-user workflows to manage virtual machines in hybrid cloud environment

4.6.a Bursting
4.6.b Sandbox for development
4.6.c Disaster recovery
4.6.d Production deployment on public environment

5.0 Application Provisioning and Life-Cycle Management 20%

5.1 Order a virtual server on PSC 11.0

5.1.a Order a VM based on standard or advanced catalogs
5.1.b Order a service container

5.2 Order a physical server on PSC 11.0

5.2.a Order a bare-metal physical server
5.2.b Order a virtualized physical server

5.3 Order a multitier application container on PSC 11.0

5.3.a Order a three-tier application container

5.4 Managing application containers

5.4.a Access the application container reports
5.4.b Power on the application container
5.4.c Power off the application container
5.4.d Add VMs to application container
5.4.e Delete VMs from application container
5.4.f Delete an application container

5.5 Managing life cycles

5.5.a VM
5.5.b Compute
5.5.c Storage
5.5.d Network

5.6 Snapshots

5.6.a Types
5.6.b Requirements
5.6.c Limitations


QUESTION 1
Cisco Intelligent Automation Cloud is a solution that enables organizations to automate delivery of physical and virtual servers through the use of a self-service portal. Which two key Cisco products are used for the automation framework of this solution? (Choose two.)

A. Cisco Process Orchestrator
B. Cisco Prime Service Catalog
C. Cisco Cloud Orchestrator
D. Cisco Server Orchestrator
E. Cisco Process Portal

Answer: A,B

Explanation:


QUESTION 2
Which three statements are true regarding Cisco VACS and its benefit for cloud deployment? (Choose three.)

A. Cisco VACS offers easy-to-use templates for rapid provisioning.
B. Cisco VACS lacks security although it offers intuitive user interface through Cisco UCS Director.
C. Cisco VACS is a robust container for three-tier or custom application deployment.
D. CSR benefits up to 10-G/ps throughput with the advent of Cisco VACS support.
E. CSR benefits up to 40-G/ps throughput with the advent of Cisco VACS support.
F. Cisco VACS offers a custom application deployment for the Cisco Prime Service Catalog.

Answer: A,C,D

Explanation:


QUESTION 3
The Cisco UCS Director includes a set of wizards that guide through configuring features. Which three wizards are available in the Cisco UCS Director? (Choose three.)

A. FlexPod Configuration
B. VDC Creation
C. Catalog Configuration
D. Device Discovery
E. Zoning Creation
F. Storage Discovery

Answer: A,B,D

Explanation:


QUESTION 4
A cost model in UCS Director is used to define the unit level costs of which two virtual resources? (Choose two.)

A. socket
B. CPU
C. RAM
D. NIC
E. vNIC
F. datastore size

Answer: B,C

Explanation:


QUESTION 5
Which two statements are true regarding role-based access control in Prime Service Catalog? (Choose two.)

A. IT admin uses the Cisco Prime Service Catalog as the primary interface to manage tenant life cycle and services.
B. Tenant admin in the private cloud is associated with tenant billing and cost model.
C. Development of stack designer for application deployment is not within the framework of RBAC.
D. IT admin manages infrastructure in the cloud and uses the Cisco Prime Service Catalog, Horizon, and Openstack templates as the primary interface.

Answer: A,D

Explanation:

 


300-465 CLDDES Designing the Cisco Cloud

Exam Number 300-465 CLDDES
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Exam Description
The 300-465 (CLDDES) Designing the Cisco Cloud is a 90-minute, 55-65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and ability to: translate requirements into cloud/automation process designs; design Private Cloud infrastructures; design Public Cloud infrastructures, design Cloud Security Policies; and design Virtualization and Virtual Network Services. Candidates can prepare for this assessment by taking the Designing the Cisco Cloud (CLDDES v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Translate Requirements into Automation Designs 22%

1.1 Gather business requirements

1.1.a Identify key business requirements for cloud/automation
1.1.b Choose appropriate cloud implementation to meet business requirements

1.2 Describe automation as a foundation of cloud design

1.3 Design appropriate automation tasks to meet requirements

1.3.a Design infrastructure container automation within UCS Director
1.3.b Design catalog
1.3.c Define infrastructure container
1.3.d Design workflow and services

1.4 Design Prime Services Catalog store front for UCS Director

1.5 Design Application and Platform as a Service using Stack Designer

1.6 Select the appropriate solution to automate private or hybrid clouds

1.6.a Cisco Enablement Platform
1.6.b UCS Director
1.6.c Cisco Intelligent Automation for Cloud (CIAC)

2.0 Design a Private Cloud Infrastructure 22%

2.1 Compare and contrast the various private cloud integrated infrastructures

2.1.a Flexpod
2.1.b VBlock
2.1.c Virtual System Specifications (VSPEX)

2.2 Given a set of requirements, determine when to use file or block storage

2.3 Select the methods of accessing storage

2.3.a Determine connectivity types
2.3.b Determine access rights

2.4 Determine the thin/thick provisioning methods for a given environment

2.5 Determine the appropriate methods of interconnecting private clouds

2.6 Determine when to use the appropriate solution to automate network services

3.0 Design a Hybrid Cloud Infrastructure 16%

3.1 Compare and contrast the various public cloud architectures

3.2 Select the methodology to connect to public clouds

3.3 Select the appropriate solution to automate hybrid cloud provisioning

4.0 Design a Cloud Security Policy 20%

4.1 Describe best practices for securing cloud infrastructure

4.2 Describe best practices for securing cloud services

4.3 Design a secure multi tenant environment

4.4 Design a security policy to protect a private cloud

4.5 Design a security policy to protect a hybrid cloud

5.0 Virtualization and Virtual Network Services for Private and Hybrid Clouds 20%

5.1 Describe the advantages, disadvantages and features of different hypervisors

5.1.a Resource scheduling
5.1.b DR
5.1.c HA

5.2 Describe the use of cloud automation tools to facilitate physical to virtual or virtual to virtual migrations

5.2.a Workflows
5.2.a.1 Cisco Enablement Platform
5.2.a.2 UCS Director
5.2.a.3 Virtual Application Container Services (VACS)
5.2.b Compare benefits and limitation of Virtual Machines

5.3 Select the appropriate virtual network and security services to meet requirements

5.4 Describe context aware infrastructure and workflow identity

5.4.a Methodologies
5.4.b Components
5.4.c Use cases

5.5 Describe workload mobility

5.5.a Describe VM migration: move VMs from any hypervisor to any public cloud and back
5.5.b Describe VM conversion
5.5.c Describe use cases

5.6 Describe the ability to automate VM life cycle

5.6.a Describe workflow creation using Intercloud Fabric Director and Prime Services Catalog


300-460 CLDINF Implementing and Troubleshooting the Cisco Cloud Infrastructure

Exam Number 300-460 CLDINF
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 – 65 questions)
Available Languages English

Exam Description
The 300-460 (CLDINF) Implementing and Troubleshooting the Cisco Cloud Infrastructure is a 90-minute, 55-65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate’s knowledge and ability to: setup Cloud infrastructure including physical and virtual Data Centers; implement Storage infrastructure and connectivity; implement Network infrastructure and connectivity; implement Compute; troubleshoot Cloud workflows or applications; and identify infrastructure operational domains. Candidates can prepare for this assessment by taking the Implementing and Troubleshooting the Cisco Cloud Infrastructure (CLDINF v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Knowledge of Cloud Infrastructure 16%

1.1 Demonstrate practical experience of both physical and virtual Data Centers

1.1.a Validate physical connection to LAN, SAN
1.1.b Management connection
1.1.c Server ports to chassis
1.1.d Virtual fiber channel
1.1.e Domain Virtual Machine Manager (VMM)
1.1.f Configuring UCS service profiles, vNICs & templates

1.2 Set up hypervisor

2.0 Storage 21%

2.1 Implement storage infrastructure

2.1.a Block Storage
2.1.a.1 Zoning
2.1.a.2 Describe initiator and target relationship
2.1.a.3 Boot targets
2.1.a.4 Setup LUN/Volume on storage controller
2.1.b File Storage
2.1.b.1 Mount point vs. shares

2.2 Implement storage connectivity

2.2.a Configure vHBA
2.2.b Configure WWPN pool
2.2.c Configure WWN Pool
2.2.d Configure iSCSI pool
2.2.e Configure VSAN group
2.2.f Configure boot order/ boot policy
2.2.g Configure local storage / disk policy (RAID)
2.2.h Describe protected config

3.0 Network Tasks 22%

3.1 Implement network infrastructure

3.1.a Nexus 1000v / Distributed Virtual Switch (DVS)
3.1.b Virtual switch

3.2 Implement network connectivity

3.2.a vNICs
3.2.b MAC pool
3.2.c IP Management pool
3.2.d UUID pool
3.2.e Port-profiles / port groups
3.2.f VLAN group, VXLAN

4.0 Compute 23%

4.1 Implement Compute

4.1.a Virtual
4.1.a.1 Install Hypervisors
4.1.a.2 Configure templates
4.1.a.3 Configure resource pools
4.1.b Physical
4.1.b.1 Bare Metal
4.1.b.1.1 OS image / template
4.1.b.1.2 PXE boot
4.1.b.1.3 Lights out management
4.1.c UCSM
4.1.c.1 Service profiles
4.1.c.2 Boot policy

5.0 Troubleshooting knowledge of Infrastructure 18%

5.1 Troubleshoot context of workflow or applications

5.1.a Describe troubleshooting methodologies
5.1.b Templates
5.1.c Orchestration
5.1.d Provisioning

5.2 Identify operational domains

5.2.a Storage
5.2.b Networking
5.2.c Virtualization
5.2.d Compute


300-320 ARCH Designing Cisco Network Service Architectures

Exam Number 300-320
Associated Certifications CCDP
Duration 75 minutes (60 – 70 questions)
Available Languages English

Exam Description
The Designing Cisco Network Service Architectures (ARCH) exam (300-320) is a 75-minute assessment with 60 – 70 questions associated with the Cisco Certified Design Professional certification. This exam tests a candidate’s knowledge of the latest developments in network design and technologies, including L2 and L3 infrastructures for the enterprise, WAN technologies, data center integration, network security and network services.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Advanced Addressing and Routing Solutions for Enterprise Networks 22%

1.1 Create structured addressing designs to facilitate summarization

1.1.a Hierarchy
1.1.b Efficiency
1.1.c Scalability
1.1.d NAT

1.2 Create stable, secure, and scalable routing designs for IS-IS

1.3 Create stable, secure, and scalable routing designs for EIGRP

1.4 Create stable, secure, and scalable routing designs for OSPF

1.5 Create stable, secure, and scalable routing designs for BGP

1.5.a Transit prevention
1.5.b Basic route filtering
1.5.c Authentication
1.5.d Communities
1.5.e Basic traffic engineering (load distribution, creating path symmetry)
1.5.f Route reflectors

1.6 Determine IPv6 migration strategies

1.6.a Overlay (tunneling)
1.6.b Native (dual-stacking)
1.6.c Boundaries (IPv4/IPv6 translations)

2.0 Advanced Enterprise Campus Networks 20%

2.1 Design for high availability

2.1.a First Hop Redundancy Protocols
2.1.b Device virtualization

2.2 Design campus Layer 2 infrastructures

2.2.a STP scalability
2.2.b Fast convergence
2.2.c Loop-free technologies

2.3 Design multicampus Layer 3 infrastructures

2.3.a Convergence
2.3.b Load sharing
2.3.c Route summarization
2.3.d Route filtering
2.3.e VRFs
2.3.f Optimal topologies

2.4 Design a network to support network programmability

2.4.a Describe Application Centric Infrastructures (ACI)
2.4.b Select appropriate controller to meet requirements
2.4.c Identify and address key security issues with network programmability

3.0 WANs for Enterprise Networks 17%

3.1 Compare and contrast WAN connectivity options

3.1.a Dynamic Multipoint VPN (DMVPN)
3.1.b Layer 2 VPN
3.1.c MPLS Layer 3 VPN
3.1.d IPsec
3.1.e Generic Routing Encapsulation (GRE)
3.1.f Private lines

3.2 Design site-to-site VPNs

3.2.a DMVPN
3.2.b Layer 2 VPN
3.2.c MPLS Layer 3 VPN
3.2.d IPSec
3.2.e Group Encrypted Transport VPN (GETVPN)

3.3 Design for a resilient WAN strategy

3.3.a Single-homed
3.3.b Multi-homed
3.3.c Backup connectivity
3.3.d Failover

3.4 Design Extranet connectivity

3.4.a VPN
3.4.b Private lines
3.4.c Multitenant segmentation

3.5 Design Internet edge connectivity

3.5.a DMZ
3.5.b NAT
3.5.c Proxy functionality
3.5.d Resiliency
3.5.e Basic traffic engineering techniques (outbound/inbound load distribution, active/failover, symmetric outbound traffic flows)

4.0 Enterprise Data Center Integration 17%

4.1 Describe a modular and scalable data center network

4.1.a Top-of-rack
4.1.b End-of-row
4.1.c Multitenant environments
4.1.d Multitier topologies

4.2 Describe network virtualization technologies for the data center

4.2.a VPC
4.2.b VSS
4.2.c VDCs
4.2.d VRFs
4.2.e Multichassis EtherChannel
4.2.f VXLAN
4.2.g TRILL / Fabric Path

4.3 Describe high availability in a data center network

4.3.a VPC
4.3.b VSS
4.3.c Multichassis EtherChannel

4.4 Design data center interconnectivity

4.4.a OTV
4.4.b Private Line
4.4.c L2 vs. L3
4.4.d VPLS
4.4.e A-VPLS

4.5 Design data center and network integration

4.5.a Traffic flow
4.5.b Bandwidth
4.5.c Security
4.5.d Resiliency

5.0 Security Services 13%

5.1 Design firewall and IPS solutions

5.1.a Modes of operation
5.1.b Clustering
5.1.c High availability techniques
5.1.d IPS functionality and placement
5.1.e Multiple contexts

5.2 Design network access control solutions

5.2.a 802.1x
5.2.b TrustSec
5.2.c EAP
5.2.d Authentication services
5.2.e RBAC
5.2.f Basic denial of service mitigation techniques

5.3 Design infrastructure protection

5.3.a Infrastructure ACLs
5.3.b CoPP
5.3.c Layer 2 / Layer 3 security considerations

6.0 Network Services 11%

6.1 Select appropriate QoS strategies to meet customer requirements

6.1.a DiffServ
6.1.b IntServ

6.2 Design end-to-end QoS policies

6.2.a Classification and marking
6.2.b Shaping
6.2.c Policing
6.2.d Queuing

6.3 Describe network management techniques

6.3.a In-band vs. out-of-band
6.3.b Segmented management networks
6.3.c Prioritizing network management traffic

6.4 Describe multicast routing concepts

6.4.a Source trees, shared trees
6.4.b RPF
6.4.c Rendezvous points

6.5 Design multicast services

6.5.a SSM
6.5.b PIM bidirectional
6.5.c MSDP


QUESTION 1
Which option maximizes EIGRP scalability?

A. route redistribution
B. route redundancy
C. route filtering
D. route summarization

Answer: D


QUESTION 2
To which network layer should Cisco Express Forwarding be tuned to support load balancing and to make more informed forwarding decisions?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
F. Layer 6
G. Layer 7

Answer: D


QUESTION 3
Which option is the Cisco preferred, most versatile, and highest-performance way to deploy IPv6 in existing IPv4 environments?

A. dual stack
B. hybrid
C. service block
D. dual service

Answer: A


QUESTION 4
An engineer is designing an address plan. Which IPv6 prefix removes any consideration regarding the number of hosts per subnet?

A. /32
B. /48
C. /64
D. /96

Answer: C


QUESTION 5
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

A. VRRP
B. BGP
C. IPsec
D. SSL

Answer: B


QUESTION 6
What is the latest Cisco high-availability solution?

A. VRRP
B. HSRP
C. VSS
D. GLBP

Answer: C


300-209 SIMOS Implementing Cisco Secure Mobility Solutions

Exam Number 300-209 SIMOS
Associated Certifications CCNP Security
Duration 90 minutes (65 – 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Secure Mobility Solutions (SIMOS) (300-209) exam tests a network security engineer on the variety of Virtual Private Network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS software platforms. This 90-minute exam consists of 65–75 questions and assesses the knowledge necessary to properly implement highly secure remote communications through VPN technology, such as remote access SSL VPN and site-to-site VPN (DMVPN, FlexVPN). Candidates can prepare for this exam by taking the Implementing Cisco Secure Mobility Solutions (SIMOS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Secure Communications 32%

1.1 Site-to-site VPNs on routers and firewalls
1.1.a Describe GETVPN
1.1.b Implement IPsec (with IKEv1 and IKEv2 for both IPv4 & IPv6)
1.1.c Implement DMVPN (hub-spoke and spoke-spoke on both IPv4 & IPv6)
1.1.d Implement FlexVPN (hub-spoke on both IPv4 & IPv6) using local AAA

1.2 Implement remote access VPNs
1.2.a Implement AnyConnect IKEv2 VPNs on ASA and routers
1.2.b Implement AnyConnect SSLVPN on ASA and routers
1.2.c Implement clientless SSLVPN on ASA and routers
1.2.d Implement FLEX VPN on routers

2.0 Troubleshooting, Monitoring and Reporting Tools 38%

2.1 Troubleshoot VPN using ASDM & CLI
2.1.a Troubleshoot IPsec
2.1.b Troubleshoot DMVPN
2.1.c Troubleshoot FlexVPN
2.1.d Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
2.1.e Troubleshoot clientless SSLVPN on ASA and routers

3.0 Secure Communications Architectures 30%

3.1 Design site-to-site VPN solutions
3.1.a Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
3.1.b VPN technology considerations based on functional requirements
3.1.c High availability considerations
3.1.d Identify VPN technology based on configuration output

3.2 Design remote access VPN solutions
3.2.a Identify functional components of FlexVPN, IPsec, and Clientless SSL
3.2.b VPN technology considerations based on functional requirements
3.2.c High availability considerations
3.2.d Identify VPN technology based on configuration output
3.2.e Identify AnyConnect client requirements
3.2.f Clientless SSL browser and client considerations/requirements
3.2.g Identify split tunneling requirements

3.3 Describe encryption, hashing, and Next Generation Encryption (NGE)
3.3.a Compare and contrast Symmetric and asymmetric key algorithms
3.3.b Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing algorithms MD5 and SHA, and authentication methods
3.3.c Describe PKI components and protection methods
3.3.d Describe Elliptic Curve Cryptography (ECC)
3.3.e Compare and contrast SSL, DTLS, and TLS


 

QUESTION 2
Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

A. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
B. IKEv2 sessions are not licensed.
C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
D. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

Answer: B


QUESTION 3
Which is used by GETVPN, FlexVPN and DMVPN?

A. NHRP
B. MPLS
C. GRE
D. ESP

Answer: D


QUESTION 4
Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?

A. stronger encryption methods
B. Network Address Translation of encrypted traffic
C. traffic management based on original source and destination addresses
D. Tunnel Endpoint Discovery

Answer: C


QUESTION 5
Which three commands are included in the command show dmvpn detail? (Choose three.)

A. show ip nhrp nhs
B. show dmvpn
C. show crypto session detail
D. show crypto ipsec sa detail
E. show crypto sockets
F. show ip nhrp

Answer: A,B,C


QUESTION 6
Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.)

A. SHA-512
B. SHA-256
C. SHA-192
D. SHA-380
E. SHA-192
F. SHA-196

Answer: A,B


QUESTION 7
Which statement about the hub in a DMVPN configuration with iBGP is true?

A. It must be a route reflector client.
B. It must redistribute EIGRP from the spokes.
C. It must be in a different AS.
D. It must be a route reflector.

Answer: D


300-208 SISAS Implementing Cisco Secure Access Solutions

Exam Number 300-208 SISAS
Associated Certifications CCNP Security
Duration 90 minutes (65 – 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Secure Access Solutions (SISAS) (300-208) exam tests whether a network security engineer knows the components and architecture of secure access, by utilizing 802.1X and Cisco TrustSec. This 90-minute exam consists of 65–75 questions and assesses knowledge of Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution. It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Identity Management/Secure Access 33%
1.1 Implement device administration

1.1.a Compare and select AAA options
1.1.b TACACS+
1.1.c RADIUS
1.1.d Describe Native AD and LDAP

1.2 Describe identity management
1.2.a Describe features and functionality of authentication and authorization
1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
1.2.c Implement accounting

1.3 Implement wired/wireless 802.1X
1.3.a Describe RADIUS flows
1.3.b AV pairs
1.3.c EAP types
1.3.d Describe supplicant, authenticator, and server
1.3.e Supplicant options
1.3.f 802.1X phasing (monitor mode, low impact, closed mode)
1.3.g AAA server
1.3.h Network access devices

1.4 Implement MAB
1.4.a Describe the MAB process within an 802.1X framework
1.4.b Flexible authentication configuration
1.4.c ISE authentication/authorization policies
1.4.d ISE endpoint identity configuration
1.4.e Verify MAB Operation

1.5 Implement network authorization enforcement
1.5.a dACL
1.5.b Dynamic VLAN assignment
1.5.c Describe SGA
1.5.d Named ACL
1.5.e CoA

1.6 Implement Central Web Authentication (CWA)
1.6.a Describe the function of CoA to support web authentication
1.6.b Configure authentication policy to facilitate CWA
1.6.c URL redirect policy
1.6.d Redirect ACL
1.6.e Customize web portal
1.6.f Verify central web authentication operation

1.7 Implement profiling
1.7.a Enable the profiling services
1.7.b Network probes
1.7.c IOS Device Sensor
1.7.d Feed service
1.7.e Profiling policy rules
1.7.f Utilize profile assignment in authorization policies
1.7.g Verify profiling operation

1.8 Implement guest services
1.8.a Managing sponsor accounts
1.8.b Sponsor portals
1.8.c Guest portals
1.8.d Guest Policies
1.8.e Self registration
1.8.f Guest activation
1.8.g Differentiated secure access
1.8.h Verify guest services operation

1.9 Implement posture services
1.9.a Describe the function of CoA to support posture services
1.9.b Agent options
1.9.c Client provisioning policy and redirect ACL
1.9.d Posture policy
1.9.e Quarantine/remediation
1.9.f Verify posture service operation

1.10 Implement BYOD access
1.10.a Describe elements of a BYOD policy
1.10.b Device registration
1.10.c My devices portal
1.10.d Describe supplicant provisioning

2.0 Threat Defense 10%
2.1 Describe TrustSec Architecture
2.1.a SGT Classification – dynamic/static
2.1.b SGT Transport – inline tagging and SXP
2.1.c SGT Enforcement – SGACL and SGFW
2.1.d MACsec

3.0 Troubleshooting, Monitoring and Reporting Tools 7%

3.1 Troubleshoot identity management solutions

3.1.a Identify issues using authentication event details in Cisco ISE
3.1.b Troubleshoot using Cisco ISE diagnostic tools
3.1.c Troubleshoot endpoint issues
3.1.d Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
3.1.e Troubleshoot backup operations

4.0 Threat Defense Architectures 17%

4.1 Design highly secure wireless solution with ISE

4.1.a Identity Management
4.1.b 802.1X
4.1.c MAB
4.1.d Network authorization enforcement
4.1.e CWA
4.1.f Profiling
4.1.g Guest Services
4.1.h Posture Services
4.1.i BYOD Access

5.0 Identity Management Architectures 33%

5.1 Device administration
5.2 Identity Management
5.3 Profiling
5.4 Guest Services
5.5 Posturing Services
5.6 BYOD Access

 

QUESTION 1
With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.)

A. Cisco Managed Services Engine
B. Cisco Email Security Appliance
C. Cisco Wireless Location Appliance
D. Cisco Content Security Appliance
E. Cisco ISE

Answer: A,E


QUESTION 2
Which two fields are characteristics of an IEEE 802.1AE frame? (Choose two.)

A. destination MAC address
B. source MAC address
C. 802.1AE header in EtherType
D. security group tag in EtherType
E. integrity check value
F. CRC/FCS

Answer: C,E


QUESTION 3
Which three statements about the Cisco wireless IPS solution are true? (Choose three.)

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing.
E. It allows the WLC to failover because of congestion.

Answer: B,C,D


QUESTION 4
In AAA, what function does authentication perform?

A. It identifies the actions that the user can perform on the device.
B. It identifies the user who is trying to access a device.
C. It identifies the actions that a user has previously taken.
D. It identifies what the user can access.

Answer: B


QUESTION 5
Which two EAP types require server side certificates? (Choose two.)

A. EAP-TLS
B. PEAP
C. EAP-MD5
D. LEAP
E. EAP-FAST
F. MSCHAPv2

Answer: A,B
